Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2860

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

Published

2025-03-28T14:15:20.967

Last Modified

2025-10-10T16:40:16.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arteche	satech_bcu_firmware	2.1.3	Yes
Hardware	arteche	satech_bcu	-	No

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu Third Party Advisory ([email protected])