CVE-2025-2859CRITICAL 9.8EPSS p29.9%

CVE-2025-2859CVE-2025-2859

Description

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.38% probability of exploitation · percentile 29.9% · 2026-06-19T12:03:05Z
Published2025-03-28
Last modified2025-10-10

Underlying weaknesses· 1

CWE-287

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40805
CVE
CVE-2025-52689
CVE
CVE-2025-3090
CVE
CVE-2025-25270
CVE
CVE-2025-48469
CVE
CVE-2025-41651
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.