Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2859

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

Published

2025-03-28T14:15:20.810

Last Modified

2025-10-10T16:40:38.497

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arteche	satech_bcu_firmware	2.1.3	Yes
Hardware	arteche	satech_bcu	-	No

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu Third Party Advisory ([email protected])