CVE-2025-2860 MEDIUM

CVE-2025-2860: Exposure of Sensitive Information vulnerability in saTECH BCU

Vendor Arteche
Product saTECH BCU
Weakness CWE-200 · Info exposure
Published March 28, 2025
Last update March 28, 2025

CVSS base score

6.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

Key dates

02Disclosure timeline

March 28, 2025 CVE published
March 28, 2025 Record updated