CVE-2025-25271
Published: 08 July 2025
Summary
CVE-2025-25271 is a high-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Phoenixcontact Charx Sec-3000 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Establishes and enforces secure configuration settings for system components, directly countering the insecure default settings in the configuration interface that allow unauthenticated reconfiguration of the OCPP backend.
Limits and documents actions permitted without identification or authentication, preventing unauthenticated adjacent attackers from accessing sensitive configuration functions.
Enforces approved authorizations for logical access to system resources, blocking unauthenticated attempts to configure the OCPP backend via the vulnerable interface.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Unauthenticated adjacent exploitation of the OCPP configuration interface directly enables remote service exploitation (T1210) and compromise of a public- or adjacent-facing application (T1190) for backend reconfiguration, command injection, and disruption.
NVD Description
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
Deeper analysis (AI)
CVE-2025-25271 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) caused by insecure defaults in a configuration interface, enabling an unauthenticated adjacent attacker to configure a new OCPP backend. The issue is linked to CWE-1188 (Initialization of a Resource with an Insecure Default). It affects components handling OCPP, the Open Charge Point Protocol commonly used in electric vehicle charging infrastructure.
An adjacent attacker on the local network (AV:A) can exploit this with low attack complexity (AC:L) and without authentication (PR:N) or user interaction (UI:N). Successful exploitation has high confidentiality, integrity, and availability impact (C:H/I:H/A:H), potentially allowing full reconfiguration of the OCPP backend for malicious purposes such as data interception, command injection, or service disruption.
The primary advisory, VDE-2025-019 from CERT VDE (https://certvde.com/de/advisories/VDE-2025-019), details the vulnerability and likely includes mitigation guidance, such as securing the configuration interface or applying vendor patches.
Details
- CWE(s)