CVE-2025-2860

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Configurations

No configuration.

History

28 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-28 14:15

Updated : 2025-03-28 18:11

NVD link : CVE-2025-2860

Mitre link : CVE-2025-2860

CVE.ORG link : CVE-2025-2860

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Show plain JSON

{"id": "CVE-2025-2860", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-28T14:15:20.967", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website."}], "lastModified": "2025-03-28T18:11:40.180", "sourceIdentifier": "cve-coordination@incibe.es"}

{

id : CVE-2025-2860 (string)

cveTags : [ *empty* ]

metrics : { »

cvssMetricV40 : [ »

0 : { »

type : Secondary (string)

source : cve-coordination@incibe.es (string)

cvssData : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 6.9 (number)

Automatable : NOT_DEFINED (string)

attackVector : ADJACENT (string)

baseSeverity : MEDIUM (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

exploitMaturity : NOT_DEFINED (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

privilegesRequired : LOW (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : NONE (string)

availabilityRequirement : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

subConfidentialityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

confidentialityRequirement : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

}

]

}

published : 2025-03-28T14:15:20.967 (string)

references : [ »

0 : { »

url : https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu (string)

source : cve-coordination@incibe.es (string)

}

]

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

type : Primary (string)

source : cve-coordination@incibe.es (string)

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website. (string)

}

]

lastModified : 2025-03-28T18:11:40.180 (string)

sourceIdentifier : cve-coordination@incibe.es (string)

}

CVE-2025-2860

JSON object

Attach tags to CVE-2025-2860

Attach tags to `CVE-2025-2860`