CVE-2025-25268 is a high-severity vulnerability identified in the Phoenix Contact CHARX SEC-3150 device, a product likely used in industrial or critical infrastructure environments. The vulnerability is classified under CWE-306, which indicates a missing authentication for a critical function. Specifically, an unauthenticated attacker with adjacent network access can send specially crafted requests to an API endpoint on the device, resulting in unauthorized read and write access to configuration settings. This lack of authentication means that the device does not verify the identity or privileges of the requester before allowing configuration changes, exposing it to potential manipulation. The CVSS 3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity, no privileges required, and no user interaction needed. The attack vector is adjacent network, meaning the attacker must be on the same local network or have access to a network segment that can reach the device's API. The vulnerability allows an attacker to alter device configurations, which could disrupt operations, cause denial of service, or facilitate further attacks within the network. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating this is a newly disclosed issue requiring immediate attention.

For European organizations, especially those operating in industrial automation, energy, manufacturing, or critical infrastructure sectors, this vulnerability poses a significant risk. The CHARX SEC-3150 is likely deployed in environments where secure and reliable device configuration is critical. An attacker exploiting this vulnerability could alter device settings to disrupt operations, cause outages, or create backdoors for persistent access. This could lead to operational downtime, safety hazards, data breaches, and compliance violations under regulations such as NIS2 and GDPR if personal or operational data is compromised. The ability to modify configurations without authentication also increases the risk of sabotage or espionage, particularly in sectors like energy grids or manufacturing plants that are strategic targets in Europe. The adjacent network requirement limits remote exploitation but does not eliminate risk, as attackers could gain local network access through phishing, insider threats, or compromised devices.

European organizations should immediately identify any deployments of the Phoenix Contact CHARX SEC-3150 within their networks. Network segmentation should be enforced to isolate these devices from general IT networks and restrict access to trusted personnel only. Implement strict access control lists (ACLs) and firewall rules to limit API endpoint accessibility to authorized management stations. Until a vendor patch is available, consider disabling or restricting API access if feasible. Monitor network traffic for unusual requests targeting the device’s API endpoints, and deploy intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous configuration changes. Conduct regular audits of device configurations to detect unauthorized modifications promptly. Engage with Phoenix Contact for updates on patches or firmware upgrades addressing this vulnerability. Additionally, enhance physical security and employee awareness to reduce the risk of adjacent network compromise.