← Back to CVEs
CVE-2025-2860
MEDIUM5.3
Description
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published3/28/2025
Last Modified10/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
arteche:satech_bcuarteche:satech_bcu_firmware
Weaknesses (CWE)
CWE-200
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu(cve-coordination@incibe.es)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.