CVE-2025-41693 is a vulnerability in Phoenix Contact's FL SWITCH 2005 network switch product, identified as CWE-770 (Allocation of Resources Without Limits or Throttling). The flaw allows a remote attacker with low privileges to leverage the device's SSH feature to execute commands immediately after login. The commands spawn processes that remain active and consume system resources without proper limits or throttling mechanisms. This leads to resource exhaustion, which degrades the performance of the switch's management functions, although the core switching functionality remains operational. The vulnerability does not require user interaction and can be exploited over the network with low attack complexity. The CVSS v3.1 base score is 4.3, reflecting a medium severity primarily due to its impact on availability of management functions and the ease of exploitation. No patches or known exploits are currently available, and the affected version is listed as 0.0.0, which likely indicates all current versions or a placeholder. The vulnerability was reserved in April 2025 and published in December 2025 by CERTVDE. This issue highlights the risk of insufficient resource management in embedded network devices, potentially enabling denial of service conditions on administrative interfaces.

For European organizations, this vulnerability poses a risk primarily to network management availability rather than core network operations. Organizations relying on Phoenix Contact FL SWITCH 2005 devices for critical infrastructure or industrial control systems could experience degraded management responsiveness, complicating network administration and incident response. While switching functionality remains unaffected, prolonged resource exhaustion could delay configuration changes, monitoring, and troubleshooting, increasing operational risk. Sectors such as manufacturing, energy, and transportation that use these switches in industrial environments may face increased downtime or slower recovery from network incidents. The vulnerability could also be leveraged as part of a multi-stage attack to distract or delay defenders. However, since exploitation requires low privileged SSH access, organizations with strong access controls and network segmentation may reduce exposure. The absence of known exploits limits immediate risk but does not preclude future exploitation.

1. Implement strict access controls on SSH interfaces of FL SWITCH 2005 devices, restricting access to trusted administrators and management networks only. 2. Employ network segmentation and firewall rules to limit exposure of management interfaces to untrusted networks. 3. Monitor SSH login activity and process resource usage on affected devices to detect abnormal command execution or resource consumption patterns. 4. Coordinate with Phoenix Contact for firmware updates or patches addressing this vulnerability; apply them promptly once available. 5. Consider deploying rate limiting or session management controls on SSH services if supported by the device to prevent resource exhaustion. 6. Use multi-factor authentication for SSH access to reduce risk of unauthorized login. 7. Maintain up-to-date asset inventories to identify affected devices and prioritize remediation. 8. Develop incident response plans that include procedures for managing degraded management interfaces due to resource exhaustion attacks.