CVE-2025-2860

Exposure of Sensitive Information vulnerability in saTECH BCU

CVSS 6.9 MEDIUMEPSS 0.3%CWE-200

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.9EPSS 0.3%KEV nãoPoC —Patch —

Lifecycle

Mar 28, 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Arteche · saTECH BCU

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu