CVE-2025-2859

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2859
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*
cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*
History

10 Oct 2025, 16:40

Type Values Removed Values Added
CPE cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*
cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*
First Time Arteche satech Bcu Firmware
Arteche
Arteche satech Bcu
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
References () https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu - () https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu - Third Party Advisory

04 Apr 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) Un atacante con acceso a la red donde se encuentra el dispositivo vulnerable podría capturar tráfico y obtener cookies del usuario, lo que le permitiría robar la sesión activa de un usuario y realizar cambios en el dispositivo vía web, dependiendo de los privilegios obtenidos por el usuario.
Summary (en) An attacker with access to the network where the vulnerable device is located could capture traffic and obtain cookies from the user, allowing them to steal a user's active session and make changes to the device via the web, depending on the privileges obtained by the user. (en) An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

28 Mar 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-28 14:15

Updated : 2025-10-10 16:40

NVD link : CVE-2025-2859

Mitre link : CVE-2025-2859

CVE.ORG link : CVE-2025-2859

JSON object : View

Products Affected

arteche

  • satech_bcu
  • satech_bcu_firmware
CWE
CWE-287

Improper Authentication