CVE-2025-2865: Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

2.4 CVSS

Description

saTECH BCU, in firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to victim users. Through this request, the victims would interpret code (resources) stored on another malicious website owned by the attacker.

Classification

CVE ID: CVE-2025-2865

CVSS Base Severity: LOW

CVSS Base Score: 2.4

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem Types

CWE-942: Permissive Cross-domain Policy with Untrusted Domains

Affected Products

Vendor: Arteche

Product: saTECH BCU

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.82% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2865
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Timeline