CVE-2025-24006 is a high-severity vulnerability affecting the Phoenix Contact CHARX SEC-3150 device, identified as an instance of CWE-269: Improper Privilege Management. This vulnerability allows a low-privileged local attacker to escalate their privileges to root by exploiting insecure permissions configured on the device's SSH service. Specifically, the issue arises from improper permission settings that permit an attacker with limited access to leverage SSH to gain full administrative control over the device. The CVSS v3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with an attack vector requiring local access but low complexity and no user interaction. The vulnerability affects version 0.0.0 of the CHARX SEC-3150, and as of the published date, no patches or known exploits in the wild have been reported. The CHARX SEC-3150 is an industrial device used in critical infrastructure environments, making this vulnerability particularly concerning for operational technology (OT) security. Exploitation could lead to complete system compromise, unauthorized control over device functions, and potential disruption of industrial processes.

For European organizations, especially those operating in industrial sectors such as energy, manufacturing, and utilities, this vulnerability poses a significant risk. The CHARX SEC-3150 is likely deployed in environments where secure and reliable operation is critical. An attacker gaining root access could manipulate device configurations, disrupt charging infrastructure operations, or pivot to other parts of the network, potentially causing widespread operational disruptions. Confidentiality breaches could expose sensitive operational data, while integrity and availability impacts could lead to safety hazards or financial losses. Given the local access requirement, insider threats or attackers who have gained initial footholds in the network could exploit this vulnerability to escalate privileges and deepen their access, complicating incident response efforts.

To mitigate this vulnerability, European organizations should immediately audit and restrict SSH permissions on all CHARX SEC-3150 devices, ensuring that only trusted administrators have access. Network segmentation should be enforced to limit local access to these devices, reducing the attack surface. Implementing strict access control policies, including multi-factor authentication for SSH access where possible, will further reduce risk. Monitoring and logging SSH access attempts can help detect suspicious activities early. Since no patches are currently available, organizations should engage with Phoenix Contact for updates and consider temporary compensating controls such as disabling SSH access if operationally feasible. Additionally, conducting regular security assessments and penetration tests on OT environments will help identify and remediate privilege escalation vectors proactively.