CVE-2025-2864

EPSS 0.04%
Veröffentlicht 28.03.2025 13:23:41
Zuletzt bearbeitet 10.10.2025 16:31:35
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arteche ≫ Satech Bcu Firmware Version2.1.3

Arteche ≫ Satech Bcu Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cve-coordination@incibe.es	2	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2864

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2864

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2864

EUVD