CVE-2025-2864

MEDIUM

SaTECH BCU Firmware 2.1.3 - Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Description

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 11.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
arteche/satech_bcu_firmware 2.1.3
Published Mar 28, 2025
Tracked Since Feb 18, 2026