
CVE-2025-2813: CWE-770 Allocation of Resources Without Limits or Throttling in Phoenix Contact AXL F BK PN TPS

High
Published: Thu Jul 31 2025 (07/31/2025, 10:08:24 UTC)
Source: CVE Database V5
Vendor/Project: Phoenix Contact
Product: AXL F BK PN TPS

Description

An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

AI-Powered Analysis

Last updated: 07/31/2025, 10:32:57 UTC

Technical Analysis

CVE-2025-2813 is a high-severity vulnerability identified in the Phoenix Contact AXL F BK PN TPS product. The vulnerability is classified under CWE-770, which pertains to the allocation of resources without limits or throttling. Specifically, an unauthenticated remote attacker can exploit this flaw by sending a large volume of HTTP requests to the device's service running on port 80. Due to the lack of proper resource management or throttling mechanisms, the device becomes overwhelmed, leading to a Denial of Service (DoS) condition. This vulnerability does not impact confidentiality or integrity but severely affects availability, rendering the device unresponsive or inoperable. The CVSS 3.1 base score of 7.5 reflects the ease of exploitation (no authentication or user interaction required) and the significant impact on availability. The affected product version is listed as 0.0, which likely indicates an initial or default version number, suggesting that the vulnerability may affect all currently deployed versions or that versioning details are incomplete. There are no known exploits in the wild at the time of publication, and no patches have been linked yet, indicating that mitigation options may be limited to workarounds or network-level protections for now. The vulnerability was reserved in March 2025 and published in July 2025, showing a recent discovery and disclosure timeline.

Potential Impact

For European organizations, this vulnerability poses a significant risk to operational continuity, especially for those relying on Phoenix Contact's AXL F BK PN TPS devices in their industrial control systems (ICS) or automation environments. A successful DoS attack could disrupt critical infrastructure operations, manufacturing processes, or building management systems, leading to downtime, financial losses, and potential safety hazards. Since the attack vector requires no authentication and can be launched remotely, threat actors could easily target exposed devices on enterprise or industrial networks. The lack of confidentiality or integrity impact reduces the risk of data breaches, but the availability impact alone can cause cascading effects in tightly integrated industrial environments common in European manufacturing hubs. Additionally, the absence of known exploits suggests that proactive mitigation is crucial to prevent future exploitation once exploit code becomes available.

Mitigation Recommendations

Given the absence of patches, European organizations should implement immediate network-level protections. These include deploying strict firewall rules to restrict inbound HTTP traffic on port 80 to trusted management networks only, and using intrusion detection/prevention systems (IDS/IPS) to identify and block anomalous traffic patterns indicative of DoS attempts. Network segmentation is critical to isolate vulnerable devices from general enterprise networks and the internet. Rate limiting or traffic shaping on network devices can help throttle excessive requests to the affected service. Organizations should also monitor device logs and network traffic for unusual spikes in HTTP requests. Engaging with Phoenix Contact for firmware updates or official patches is essential, and organizations should plan for timely deployment once available. Additionally, conducting risk assessments to identify all affected devices and considering temporary removal or replacement of vulnerable units in critical environments may be warranted.
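The log-monitoring step above, as an added example that is not code from the CVE record, from Phoenix Contact, or from this site: a sliding-window detector that flags a single source hammering the device's port 80 and, separately, an aggregate spike that a per-source rule would miss. It assumes a connection log from a firewall or proxy in front of the device in a constructed "epoch src dst dport" format; the thresholds and the device address are placeholders.

```python
"""Sliding-window request-rate detector for HTTP floods against a device on port 80.
Added example (not from the CVE record or Phoenix Contact); assumes a connection log
from a firewall/proxy in front of the device in a constructed 'epoch src dst dport' format."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10       # assumed sliding window
PER_SOURCE_LIMIT = 50     # assumed per-source connections per window before alerting
GLOBAL_LIMIT = 80         # assumed total connections per window (catches distributed floods)
DEVICE_IP = "192.0.2.10"  # placeholder address for the AXL F BK PN TPS (RFC 5737 range)

def parse_line(line):
    ts, src, dst, port = line.split()
    return float(ts), src, dst, int(port)

def detect_floods(lines):
    """Return [(timestamp, kind, source)] alerts; each offender is reported once."""
    per_src = defaultdict(deque)
    all_ts = deque()
    alerted = set()
    alerts = []
    for line in lines:
        ts, src, dst, port = parse_line(line)
        if dst != DEVICE_IP or port != 80:
            continue  # only the vulnerable http service is of interest
        q = per_src[src]
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:  # drop entries older than the window
            q.popleft()
        if len(q) > PER_SOURCE_LIMIT and ("src", src) not in alerted:
            alerted.add(("src", src))
            alerts.append((ts, "per-source-flood", src))
        all_ts.append(ts)
        while ts - all_ts[0] > WINDOW_SECONDS:
            all_ts.popleft()
        if len(all_ts) > GLOBAL_LIMIT and ("global", "*") not in alerted:
            alerted.add(("global", "*"))
            alerts.append((ts, "aggregate-flood", "*"))
    return alerts

# Constructed sample: a benign poller (one request per 5 s) and one source sending
# 120 requests in 12 s; the final line targets another port and must be ignored.
SAMPLE_LOG = (
    [f"{1000 + i * 5} 10.0.0.5 192.0.2.10 80" for i in range(20)]
    + [f"{1100 + i * 0.1:.1f} 203.0.113.7 192.0.2.10 80" for i in range(120)]
    + ["1112.0 203.0.113.7 192.0.2.10 443"]
)

if __name__ == "__main__":
    for ts, kind, src in detect_floods(SAMPLE_LOG):
        print(f"{ts:.1f} {kind} {src}")
```

Feeding the output of a real segmentation firewall into `detect_floods` is a matter of adapting `parse_line` to its log format; the thresholds should be tuned to the device's normal polling rate.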


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-03-26T13:12:46.108Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 688b4307ad5a09ad00b61a5e

Added to database: 7/31/2025, 10:18:47 AM

Last enriched: 7/31/2025, 10:32:57 AM

Last updated: 8/1/2025, 12:34:42 AM
