CVE-2025-41703 is a vulnerability identified in the Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP uninterruptible power supply (UPS) device. The root cause is a missing authentication mechanism (CWE-306) for critical functions accessible via the Modbus protocol, a widely used industrial communication protocol. Specifically, an unauthenticated remote attacker can send Modbus commands to the UPS to turn off its output, effectively causing a denial of service by cutting power to connected systems. The vulnerability affects version VC:00 of the product and was published on October 14, 2025. The CVSS v3.1 base score is 7.5 (high), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or integrity impact, but high impact on availability. No patches or exploits in the wild are currently reported. The vulnerability is critical in environments where continuous power supply is essential, such as industrial automation, manufacturing plants, and critical infrastructure. The lack of authentication on Modbus commands means that any attacker with network access to the device can disrupt power delivery, potentially causing operational downtime and safety risks. The vulnerability highlights the importance of securing industrial control devices and protocols that traditionally lack robust security controls.

The primary impact of CVE-2025-41703 is a denial of service condition caused by an attacker remotely disabling the UPS output. For European organizations, especially those in industrial sectors such as manufacturing, energy, transportation, and critical infrastructure, this can lead to significant operational disruptions. Loss of UPS output can cause immediate power loss to critical systems, leading to downtime, data loss, and potential safety hazards. The impact is particularly severe in environments relying on these UPS devices for power conditioning and backup, including factories, data centers, and control systems. Additionally, the lack of authentication means that attackers do not need credentials or user interaction, increasing the risk of exploitation if the device is exposed or accessible on internal networks. This vulnerability could be leveraged in targeted attacks or as part of broader campaigns aiming to disrupt industrial operations within Europe. The reputational damage and financial losses from such outages could be substantial, especially for organizations with stringent uptime requirements or regulatory obligations.

To mitigate CVE-2025-41703, organizations should implement the following specific measures: 1) Immediately restrict network access to the affected UPS devices by isolating them on dedicated management VLANs or physically separate networks to prevent unauthorized Modbus traffic. 2) Employ firewall rules or access control lists (ACLs) to limit Modbus protocol communication only to trusted management stations or control systems. 3) Monitor network traffic for unusual or unauthorized Modbus commands targeting the UPS devices, using intrusion detection systems (IDS) or specialized industrial protocol monitoring tools. 4) Where possible, disable Modbus services on the UPS if not required or configure devices to require authentication or encrypted communication, if supported by firmware updates or vendor guidance. 5) Engage with Phoenix Contact for firmware updates or patches addressing this vulnerability and apply them promptly once available. 6) Conduct regular security assessments of industrial control networks to identify exposed devices and ensure compliance with security best practices. 7) Train operational technology (OT) staff on recognizing and responding to potential attacks targeting UPS and power management devices. These targeted actions go beyond generic advice by focusing on network segmentation, access restrictions, and active monitoring tailored to the industrial environment and the specific vulnerability vector.