XSS in Phoenix Contact Fl Nat 2008
CVE-2025-41748
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking the link provided by the attacker in order to change parameters available via web-based management (WBM)…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.084 (94.3rd percentile)
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Affected products
- Phoenix Contact Fl Nat 2008 — versions 0.0.0
- Phoenix Contact Fl Nat 2208 — versions 0.0.0
- Phoenix Contact Fl Nat 2304-2gc-2sfp — versions 0.0.0
- Phoenix Contact Fl Switch 2005 — versions 0.0.0
- Phoenix Contact Fl Switch 2008 — versions 0.0.0
- Phoenix Contact Fl Switch 2008f — versions 0.0.0
- Phoenix Contact Fl Switch 2016 — versions 0.0.0
- Phoenix Contact Fl Switch 2105 — versions 0.0.0
- Phoenix Contact Fl Switch 2108 — versions 0.0.0
- Phoenix Contact Fl Switch 2116 — versions 0.0.0
Weakness classification (CWE)
References
- info@cert.vde.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2025-41748?
  - CVE-2025-41748 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2025-12-09.
- How severe is CVE-2025-41748?
  - High severity. CVSS v3 base score is 7.1 out of 10.