CVE-2025-2863
Published: 28 March 2025
Description
A cross-site request forgery (CSRF) vulnerability in the web application of Arteche saTECH BCU firmware version 2.1.3 allows an attacker to make an authenticated administrator's browser submit unauthorized, state-changing requests to the device, such as rebooting it or modifying roles and permissions.
The ATT&CK technique mapped to the reboot impact, T1529 (System Shutdown/Reboot), describes the adversary behaviour: adversaries may shut down or reboot systems to interrupt access to, or aid in the destruction of, those systems.
Security Summary
CVE-2025-2863 is a cross-site request forgery (CSRF) vulnerability, mapped to CWE-352, in the web application of saTECH BCU firmware version 2.1.3. Published on 2025-03-28, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): high confidentiality, integrity and availability impact, with no privileges required of the attacker (PR:N) but user interaction required (UI:R), since the victim must be induced to act.
An unauthenticated local attacker exploits the issue by piggybacking on an administrator's active session with the web application. The attacker lures the administrator to a malicious page or resource that silently submits requests to the device; because the browser attaches the administrator's session cookie automatically and the application performs no origin or token check, the requests are accepted as if the administrator had made them. The achievable impact is bounded by the logged-in user's privileges and may include rebooting the device or modifying roles and permissions.
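To make the mechanism above concrete, the following is an added example, not code from the INCIBE advisory or from Arteche: a minimal model of a device web handler that accepts state-changing requests on the strength of the session cookie alone (the CWE-352 pattern), beside a hardened handler that additionally requires a same-origin Origin/Referer header and a per-session anti-CSRF token. Every endpoint path, cookie name, session value and host name is hypothetical; the real saTECH BCU interface is not documented on this page.

```python
"""Added example: CSRF-vulnerable vs. hardened request handling.

All endpoints (/cgi-bin/reboot, /cgi-bin/set_role), the cookie name "sid",
the session id value and the host names are hypothetical placeholders.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

DEVICE_ORIGIN = "https://bcu.example"  # hypothetical device address


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict = field(default_factory=dict)


@dataclass
class Session:
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


# Constructed session table. The cookie is the only credential a cross-site
# request carries automatically, so it is the only thing CSRF needs.
SESSIONS = {"s3ss10n-admin": Session(user="admin", role="administrator")}


def _session_from_cookie(request):
    """Look up the session named by the 'sid' cookie, if any."""
    for part in request.headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return SESSIONS.get(value)
    return None


def _perform(request):
    """The privileged actions themselves (shared by both handlers)."""
    if request.method == "POST" and request.path == "/cgi-bin/reboot":
        return 200, "rebooting"
    if request.method == "POST" and request.path == "/cgi-bin/set_role":
        return 200, f"role of {request.form.get('user')} set to {request.form.get('role')}"
    return 404, "not found"


def vulnerable_handle(request):
    """Gate the action on the session cookie only: any cross-site POST that
    the administrator's browser can be made to send goes through."""
    session = _session_from_cookie(request)
    if session is None or session.role != "administrator":
        return 403, "forbidden"
    return _perform(request)


def hardened_handle(request):
    """Same action, but the request must also prove it came from the device's
    own pages: Origin (or Referer) must match and the per-session token must
    be present in the form body, which a foreign page cannot read."""
    session = _session_from_cookie(request)
    if session is None or session.role != "administrator":
        return 403, "forbidden"
    origin = request.headers.get("Origin") or request.headers.get("Referer")
    if origin is None:
        return 403, "missing origin"  # fail closed rather than guess
    parsed = urlparse(origin)
    if f"{parsed.scheme}://{parsed.netloc}" != DEVICE_ORIGIN:
        return 403, "cross-origin request rejected"
    token = request.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return 403, "bad csrf token"
    return _perform(request)


def attacker_page(target_origin=DEVICE_ORIGIN):
    """Constructed lure: an auto-submitting form that targets the device.
    The victim's browser attaches the 'sid' cookie on its own."""
    return (
        "<html><body onload=\"document.forms[0].submit()\">"
        f"<form method=\"POST\" action=\"{target_origin}/cgi-bin/reboot\"></form>"
        "</body></html>"
    )


# Constructed request as the victim's browser would send it from the lure:
# session cookie present, Origin is the attacker's site, no token.
FORGED_REBOOT = Request(
    "POST", "/cgi-bin/reboot",
    {"Cookie": "sid=s3ss10n-admin", "Origin": "https://attacker.example"},
)


def legitimate_reboot():
    """Constructed request from the device's own UI, carrying the token."""
    sess = SESSIONS["s3ss10n-admin"]
    return Request("POST", "/cgi-bin/reboot",
                   {"Cookie": "sid=s3ss10n-admin", "Origin": DEVICE_ORIGIN},
                   {"csrf_token": sess.csrf_token})


if __name__ == "__main__":
    print("vulnerable, forged :", vulnerable_handle(FORGED_REBOOT))
    print("hardened,   forged :", hardened_handle(FORGED_REBOOT))
    print("hardened, legit    :", hardened_handle(legitimate_reboot()))
```

The forged request succeeds against `vulnerable_handle` and is refused by `hardened_handle`, while the device's own UI still works because it can embed the session token. Marking the session cookie `SameSite=Lax` or `Strict` on the real device would stop the browser sending it on the cross-site POST in the first place; the Origin check and token are the defence-in-depth that does not rely on browser cookie policy.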
The INCIBE-CERT advisory (https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu) addresses multiple vulnerabilities in Arteche saTECH BCU devices, including this CSRF issue.
Details
- CWE(s): CWE-352 (Cross-Site Request Forgery)
- Affected Products: Arteche saTECH BCU, firmware version 2.1.3
- MITRE ATT&CK Enterprise Techniques: T1098 (Account Manipulation), T1529 (System Shutdown/Reboot)
Why these techniques?
CSRF lets an attacker drive actions through an administrator's active session, which directly enables changes to account roles and permissions (T1098 Account Manipulation) and a device reboot (T1529 System Shutdown/Reboot). Both are impact-stage effects: the CSRF itself only lets the attacker act as the victim, so the reachable techniques are bounded by what the logged-in user is permitted to do.