CVE-2025-41670— Untrusted Search Path
Affected Version Matrix 14
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | AXC F 1152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 1252 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 2000 EA | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 2152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 3152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | BPC 9102S | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | EPC 1522 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | RFC 4072R | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | RFC 4072S | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VL3 UPC 2440 EDGE | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 1000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 2000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 3000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 500 | 0.0.0< 2026.0.3 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41670
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Untrusted Search Path
Source: NVD (National Vulnerability Database)
Vulnerability Description
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Phoenix Contact | AXC F 1152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 1252 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 2000 EA | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 2152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 3152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | BPC 9102S | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | EPC 1522 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | RFC 4072R | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | RFC 4072S | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VL3 UPC 2440 EDGE | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 1000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 2000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 3000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 500 | 0.0.0 ~ 2026.0.3 | - |
II. Public POCs for CVE-2025-41670
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41670
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-41670 (1)
IV. Related Vulnerabilities
Same product: AXC F 1152
- CVE-2025-41669
Insufficient Verification of Data Authenticity - CVE-2025-41668
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41667
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41666
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41665
Phoenix Contact: DoS of the PLC due to incorrect default per
Same vendor: Phoenix Contact
- CVE-2025-41669
Insufficient Verification of Data Authenticity - CVE-2024-43384
Phoenix Contact: Improper removal of sensitive information i - CVE-2026-22323
Cross‑Site Request Forgery in Link Aggregation Configuration - CVE-2026-22322
Stored Cross‑Site Scripting in Link Aggregation Name Handlin - CVE-2026-22321
Stack-Based Buffer Overflow in CLI Login Username Handling o
Same weakness: CWE-427
- CVE-2026-47274
pam_usb: Uncontrolled search path in pam_usb tools allows pr - CVE-2023-52945
群晖 BeeDrive 1.3.2前非受控搜索路径漏洞 - CVE-2025-14575
Uncontrolled Search Path Element in Qt Network OpenSSL TLS b - CVE-2026-32323
Mullvad VPN for macOS: Local Privilege Escalation via unveri - CVE-2026-47092
Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC En
V. Comments for CVE-2025-41670
No comments yet