CVE-2025-2865 LOW

CVE-2025-2865: Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

Vendor Arteche
Product saTECH BCU
Weakness CWE-942
Published March 28, 2025
Last update March 28, 2025

CVSS base score

2.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Key dates

02Disclosure timeline

March 28, 2025 CVE published
March 28, 2025 Record updated