CVE-2025-2865

Low CVSS: 2.4

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Vendor

Arteche

Product

Satech Bcu Firmware

CWE

CWE-942

Yayın Tarihi

2025-03-28 14:15:21

Güncelleme

2025-10-10 16:19:01

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-942 Satech Bcu Firmware LOW Arteche 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Benzer Kayıtlar

Medium

CVE-2025-2861

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the p…

Medium

CVE-2025-2862

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the…

Medium

CVE-2025-2863

Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could…

Low

CVE-2025-2864

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning…

High

CVE-2025-2858

Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the d…

Medium

CVE-2025-2859

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the activ…