CVE-2025-2859
Published: 28 March 2025
Description
Adversaries can use stolen session cookies to authenticate to web applications and services.
Security Summary
CVE-2025-2859 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-287 (Improper Authentication), published on 2025-03-28. It affects the Arteches Satech BCU device, where an attacker with network access can capture traffic to obtain user cookies. This enables session hijacking, allowing unauthorized access to the active user session.
An unauthenticated attacker (PR:N) on the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N) required can exploit this by intercepting unencrypted traffic. Successful exploitation grants the attacker the stolen session's privileges, enabling changes to the device via its web interface, with impacts including high confidentiality, integrity, and availability compromise (C:H/I:H/A:H).
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu provides details on this and related vulnerabilities in Arteches Satech BCU, including recommended mitigations such as applying patches or network segmentation where feasible.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables capture of unencrypted session cookies from network traffic for session hijacking, mapping directly to network sniffing for credential capture, stealing web session cookies, and using stolen cookies as alternate authentication material.