XSS in Phoenix Contact Fl Nat 2008

CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM)…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.084 (94.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-41748?
CVE-2025-41748 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2025-12-09.
How severe is CVE-2025-41748?
High severity. CVSS v3 base score is 7.1 out of 10.