CVE-2025-25271

High CVSS: 8.8

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Vendor

Product

CWE

Yayın Tarihi

2025-07-08 07:15:25

Güncelleme

2025-07-11 14:37:11

Source Identifier

info@cert.vde.com

KEV Date Added

CWE-1188 Charx Sec-3000 Firmware HIGH Phoenixcontact 2025

https://certvde.com/de/advisories/VDE-2025-019

High

CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated use…

High

CVE-2025-41749

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user t…

High

CVE-2025-41750

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user…

High

CVE-2025-41751

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated use…

High

CVE-2025-41752

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user…

Medium

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained…