PatchSiren cyber security CVE debrief
CVE-2025-41670 Phoenix Contact CVE debrief
A local privilege escalation vulnerability exists where a low-privileged user can manipulate configuration or application files in user-writable filesystem locations to influence the behavior of a privileged system service. The service processes data from insufficiently protected locations, and because it runs with elevated privileges, successful exploitation may result in local privilege escalation. The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element). The CVSS 4.0 vector indicates network attack vector with low attack complexity, low privileges required, and high impact to confidentiality, integrity, and availability. The vendor attribution is currently uncertain based on the reference domain candidate 'Certvde', suggesting the affected product may be related to VDE CERT advisory VDE-2026-050.
- Vendor
- Phoenix Contact
- Product
- AXC F 1152
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-27
- Original CVE updated
- 2026-05-27
- Advisory published
- 2026-05-27
- Advisory updated
- 2026-05-27
Who should care
System administrators managing multi-user environments, security teams responsible for privilege escalation prevention, and organizations running affected products covered by VDE-2026-050 advisory.
Technical summary
The vulnerability stems from a privileged system service processing configuration or application data from filesystem locations that lack sufficient protection against modification by low-privileged users. This represents an instance of CWE-427 (Uncontrolled Search Path Element), where the service's trust in user-influenced data paths enables privilege escalation. The CVSS 4.0 metrics (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) indicate that while network attack vector is specified, the described mechanism is local in nature—likely reflecting scoring of the underlying service exposure. Organizations should prioritize identifying services with this pattern and restricting write access to their configuration data paths.
Defensive priority
HIGH
Recommended defensive actions
- Review filesystem permissions on configuration and application data directories accessed by privileged services
- Audit services running with elevated privileges that process data from user-writable locations
- Implement principle of least privilege for service accounts
- Apply security updates from vendor when available per VDE-2026-050 advisory
- Monitor for anomalous file modifications in service configuration directories
Evidence notes
CVE published 2026-05-27. CVSS 4.0 score 8.7 (HIGH). Weakness: CWE-427. Source reference from certvde.com advisory VDE-2026-050. Vendor confidence low, needs review.
Official resources
-
CVE-2025-41670 CVE record
CVE.org
-
CVE-2025-41670 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-27