Cross-Site Request Forgery in saTECH BCU Firmware
CVE-2025-2863

5.7 MEDIUM

Key Information:

Vendor

Arteche

CVE Published:
28 March 2025

What is CVE-2025-2863?

A cross-site request forgery vulnerability exists in the web application of the saTECH BCU firmware version 2.1.3. This security issue allows an unauthenticated local attacker to exploit active administrator sessions, performing unauthorized actions based on the permissions of the logged-in user. Potential exploits may include rebooting the device or modifying user roles and permissions, thereby compromising the integrity and functionality of the device.

Affected Version(s)

saTECH BCU 2.1.3

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aarón Flecha
Gabriel Vía Echezarreta