CVE-2025-41695

Home/CVE/An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to

CVE

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application.

The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

HIGH · CVSS 7.1 EPSS 0.00071

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

▤

Affected Products & Versions

phoenixcontact fl nat 2008 firmware< 3.50
phoenixcontact fl nat 2208 firmware< 3.50
phoenixcontact fl nat 2304-2gc-2sfp firmware< 3.50
phoenixcontact fl switch 2005 firmware< 3.50
phoenixcontact fl switch 2008 firmware< 3.50
phoenixcontact fl switch 2008f firmware< 3.50
phoenixcontact fl switch 2016 firmware< 3.50
phoenixcontact fl switch 2105 firmware< 3.50
Show all 60 affected productsphoenixcontact fl switch 2108 firmware< 3.50
phoenixcontact fl switch 2116 firmware< 3.50
phoenixcontact fl switch 2204-2tc-2sfx firmware< 3.50
phoenixcontact fl switch 2205 firmware< 3.50
phoenixcontact fl switch 2206-2fx firmware< 3.50
phoenixcontact fl switch 2206-2fx sm firmware< 3.50
phoenixcontact fl switch 2206-2fx sm st firmware< 3.50
phoenixcontact fl switch 2206-2fx st firmware< 3.50
phoenixcontact fl switch 2206-2sfx firmware< 3.50
phoenixcontact fl switch 2206-2sfx pn firmware< 3.50
phoenixcontact fl switch 2206c-2fx firmware< 3.50
phoenixcontact fl switch 2207-fx firmware< 3.50
phoenixcontact fl switch 2207-fx sm firmware< 3.50
phoenixcontact fl switch 2208 firmware< 3.50
phoenixcontact fl switch 2208 pn firmware< 3.50
phoenixcontact fl switch 2208c firmware< 3.50
phoenixcontact fl switch 2212-2tc-2sfx firmware< 3.50
phoenixcontact fl switch 2214-2fx firmware< 3.50
phoenixcontact fl switch 2214-2fx sm firmware< 3.50
phoenixcontact fl switch 2214-2sfx firmware< 3.50
phoenixcontact fl switch 2214-2sfx pn firmware< 3.50
phoenixcontact fl switch 2216 firmware< 3.50
phoenixcontact fl switch 2216 pn firmware< 3.50
phoenixcontact fl switch 2303-8sp1< 3.50
phoenixcontact fl switch 2304-2gc-2sfp firmware< 3.50
phoenixcontact fl switch 2306-2sfp firmware< 3.50
phoenixcontact fl switch 2306-2sfp pn firmware< 3.50
phoenixcontact fl switch 2308 firmware< 3.50
phoenixcontact fl switch 2308 pn firmware< 3.50
phoenixcontact fl switch 2312-2gc-2sfp firmware< 3.50
phoenixcontact fl switch 2314-2sfp firmware< 3.50
phoenixcontact fl switch 2314-2sfp pn firmware< 3.50
phoenixcontact fl switch 2316 firmware< 3.50
phoenixcontact fl switch 2316\/k1 firmware< 3.50
phoenixcontact fl switch 2316 pn firmware< 3.50
phoenixcontact fl switch 2404-2tc-2sfx firmware< 3.50
phoenixcontact fl switch 2406-2sfx firmware< 3.50
phoenixcontact fl switch 2406-2sfx pn firmware< 3.50
phoenixcontact fl switch 2408 firmware< 3.50
phoenixcontact fl switch 2408 pn firmware< 3.50
phoenixcontact fl switch 2412-2tc-2sfx firmware< 3.50
phoenixcontact fl switch 2414-2sfx firmware< 3.50
phoenixcontact fl switch 2414-2sfx pn firmware< 3.50
phoenixcontact fl switch 2416 firmware< 3.50
phoenixcontact fl switch 2416 pn firmware< 3.50
phoenixcontact fl switch 2504-2gc-2sfp firmware< 3.50
phoenixcontact fl switch 2506-2sfp firmware< 3.50
phoenixcontact fl switch 2506-2sfp\/k1 firmware< 3.50
phoenixcontact fl switch 2506-2sfp pn firmware< 3.50
phoenixcontact fl switch 2508 firmware< 3.50
phoenixcontact fl switch 2508\/k1 firmware< 3.50
phoenixcontact fl switch 2508 pn firmware< 3.50

◈

Detection Rules (IDS/IPS)

et-openET WEB_SPECIFIC_APPS Phoenix Contact dyn_conn.php objSave Parameter Cross Site Scripting Attempt (CVE-2025-41695)attempted-admin

Open rulesets (ET Open, Snort Community, abuse.ch) link to source. Commercial rulesets are reference-only.

▣

Scoring & Timeline

7.1

HIGH · CVSS v3.1 · info@cert.vde.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD09 Dec 2025 · 04:17 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://certvde.com/de/advisories/VDE-2025-071Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin