VYPR
High severity · 7.8 · NVD Advisory · Published May 27, 2026

CVE-2025-41670


Description

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local low-privilege user can manipulate configuration files in writable directories to influence a privileged service, leading to local privilege escalation on Phoenix Contact PLCnext firmware prior to 2026.0.3.

Vulnerability

The vulnerability exists in Phoenix Contact PLCnext firmware versions prior to 2026.0.3 [1]. A local user with low privileges can manipulate configuration or application files located in user-writable areas of the filesystem. The affected privileged service processes data from these locations without sufficient protection against modification by low-privileged users, allowing the attacker to influence the service's behavior.
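A check for the condition described above, as an added example that is not part of the advisory or of the vendor's code: it walks from a file a privileged service reads up through every parent directory and reports each component that an account outside a trusted set could modify or replace. The function name, the `trusted_uids` and `root` parameters, and the sample tree are assumptions; the advisory names no specific paths.

```python
import os
import stat
import tempfile

def audit_path(path, trusted_uids=(0,), root="/"):
    """Walk from `path` up to `root`; return (component, reason) findings."""
    leaf = os.path.abspath(path)
    root = os.path.abspath(root)
    findings = []
    current = leaf
    while True:
        st = os.lstat(current)
        if stat.S_ISLNK(st.st_mode):
            # A link redirects the read; its target needs its own audit.
            findings.append((current, "symbolic link"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((current, f"owned by uid {st.st_uid}"))
            writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            # A sticky ancestor directory (like /tmp) does not let other users
            # replace an entry they do not own, so it is tolerated above the leaf.
            sticky_ancestor = (current != leaf and stat.S_ISDIR(st.st_mode)
                               and st.st_mode & stat.S_ISVTX)
            if writable and not sticky_ancestor:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((current, f"group/other writable, mode {mode:o}"))
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return findings
        current = parent

def demo():
    """Constructed tree: a config file inside a world-writable directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    conf_dir = os.path.join(base, "conf.d")        # hypothetical name
    os.mkdir(conf_dir)
    os.chmod(conf_dir, 0o777)
    conf = os.path.join(conf_dir, "service.conf")  # hypothetical name
    with open(conf, "w") as fh:
        fh.write("key=value\n")
    os.chmod(conf, 0o644)
    # The temp tree is owned by the current user, so that uid stands in for root.
    return audit_path(conf, trusted_uids={os.getuid()}, root=base)

if __name__ == "__main__":
    for component, reason in demo():
        print(f"{component}: {reason}")
```

The check is conservative: it reports every group-writable component, including ones whose group contains only trusted accounts, so findings need review against the actual group membership.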

Exploitation

An attacker requires local access to the system with low privileges. The attacker can modify configuration or application files in writable directories. The privileged service then reads and acts upon these modified files, executing actions with elevated privileges. No additional user interaction is needed beyond the initial local access.

Impact

Successful exploitation results in local privilege escalation. The attacker can execute arbitrary code or alter system behavior with elevated permissions, compromising the integrity and availability of the PLCnext Control system [1].

Mitigation

The issue is resolved in PLCnext firmware version 2026.0.3, released on 2026-05-27 [1]. Users should upgrade to this version or later. No workarounds are documented in the available references.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
