CVE-2025-2864 LOW

CVE-2025-2864: Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

Vendor Arteche

Product saTECH BCU

Weakness CWE-79 · XSS

Published March 28, 2025

Last update March 28, 2025

View on NVD All CVEs

CVSS base score

2.0/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

Key dates

02Disclosure timeline

March 28, 2025 CVE published

March 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2864 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-24468 Leaflet Map < 3.0.0 - Contributor+ Stored XSS CVE-2025-53631 flaskBlog XSS Vulnerability in postContent CVE-2024-37936 WordPress Tabs For WPBakery Page Builder plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-11863 My Geo Posts Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-32118 WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)