CVE-2025-2860

EPSS 0.29%
Veröffentlicht 28.03.2025 13:10:44
Zuletzt bearbeitet 10.10.2025 16:40:16
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Exposure of Sensitive Information vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arteche ≫ Satech Bcu Firmware Version2.1.3

Arteche ≫ Satech Bcu Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.202

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	6.9	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2860

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-2860