CVE-2025-2859 MEDIUM

CVE-2025-2859: Improper Authentication vulnerability in saTECH BCU

Vendor Arteche
Product saTECH BCU
Weakness CWE-287 · Improper authentication
Published March 28, 2025
Last update April 4, 2025

CVSS base score

6.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

Key dates

02Disclosure timeline

March 28, 2025 CVE published
April 4, 2025 Record updated