CVE-2025-41745 | Reflected XSS vulnerability in pxc_portCntr2.php

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Published: 2025-12-09 Last update: 2025-12-19 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2025-41745 is rated Low Risk (36.9/100): CVSS High severity, with low exploitation likelihood (EPSS 0.08%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-41745

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-12-09 0.08%

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-41745

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.1 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:L)
Might cause slowdowns, glitches, or partial disruption—not a full brick.
 2.8 3.7 [email protected]

Weakness enumeration for CVE-2025-41745

Affected software / configurations for CVE-2025-41745

Vendor Product Version Raw CPE
phoenixcontact fl_nat_2008_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_nat_2008_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_nat_2208_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_nat_2208_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_nat_2304-2gc-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_nat_2304-2gc-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2005_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2005_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2008_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2008_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2008f_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2008f_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2016_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2016_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2105_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2105_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2108_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2108_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2116_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2116_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2204-2tc-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2204-2tc-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2205_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2205_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2fx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2fx_sm_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_sm_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2fx_sm_st_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_sm_st_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2fx_st_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_st_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206-2sfx_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206-2sfx_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2206c-2fx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2206c-2fx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2207-fx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2207-fx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2207-fx_sm_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2207-fx_sm_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2208_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2208_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2208_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2208_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2208c_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2208c_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2212-2tc-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2212-2tc-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2214-2fx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2214-2fx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2214-2fx_sm_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2214-2fx_sm_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2214-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2214-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2214-2sfx_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2214-2sfx_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2216_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2216_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2216_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2216_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2303-8sp1 < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2303-8sp1:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2304-2gc-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2304-2gc-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2306-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2306-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2306-2sfp_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2306-2sfp_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2308_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2308_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2308_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2308_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2312-2gc-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2312-2gc-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2314-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2314-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2314-2sfp_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2314-2sfp_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2316_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2316_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2316\/k1_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2316\/k1_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2316_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2316_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2404-2tc-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2404-2tc-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2406-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2406-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2406-2sfx_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2406-2sfx_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2408_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2408_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2408_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2408_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2412-2tc-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2412-2tc-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2414-2sfx_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2414-2sfx_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2414-2sfx_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2414-2sfx_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2416_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2416_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2416_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2416_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2504-2gc-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2504-2gc-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2506-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2506-2sfp\/k1_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp\/k1_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2506-2sfp_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2508_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2508_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2508\/k1_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2508\/k1_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2508_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2508_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2512-2gc-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2512-2gc-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2514-2sfp_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2514-2sfp_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2516_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2516_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2516_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2516_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2608_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2608_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2608_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2608_pn_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2708_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2708_firmware:*:*:*:*:*:*:*:*
phoenixcontact fl_switch_2708_pn_firmware < 3.50 cpe:2.3:o:phoenixcontact:fl_switch_2708_pn_firmware:*:*:*:*:*:*:*:*

References for CVE-2025-41745

cvelogic Threat Intelligence