CVE-2025-2864

6.1 MEDIUM

📋 TL;DR

CVE-2025-2864 is a reflected cross-site scripting (XSS) vulnerability in SaTECH BCU firmware version 2.1.3 that allows an attacker to inject malicious scripts into the device's legitimate web interface. It affects users who access the BCU web interface through their browsers. The attack requires cookie manipulation and only impacts the victim's browser session.

💻 Affected Systems

Products:
  • SaTECH BCU
Versions: 2.1.3
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web interface component; requires user interaction with malicious link.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals session cookies, hijacks administrative sessions, performs unauthorized device configuration changes, or redirects users to malicious sites.

🟠 Likely Case

Session hijacking leading to unauthorized access to the BCU web interface and potential device configuration changes.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place; the attacker gains no persistent access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires cookie manipulation and user interaction; reflected XSS typically has low exploitation complexity once a victim can be induced to load the crafted request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Restart Required: Yes

Instructions:

1. Monitor the vendor for firmware updates.
2. Apply the patch when available.
3. Restart the device after patching.

🔧 Temporary Workarounds

Implement Content Security Policy (applies to: all)

Add CSP headers to restrict the sources from which scripts may execute.

Add the header `Content-Security-Policy: default-src 'self'` to the web server's responses. Note that `'self'` without `'unsafe-inline'` also blocks the interface's own inline scripts, so test the policy against the BCU web interface before enforcing it.

Input Validation Filtering (applies to: all)

Implement server-side input validation and output encoding.

Apply proper HTML encoding to all user-controlled input, including cookie values, before rendering it in a page.

🧯 If You Can't Patch

  • Restrict network access to the BCU web interface using firewall rules
  • Deploy a web application firewall (WAF) with XSS protection rules in front of the interface

🔍 How to Verify

Check if Vulnerable:

Test the web interface with XSS payloads in cookie parameters and check whether the scripts execute in the browser.

Check Version:

Check the firmware version in the web interface settings or via the device console.

Verify Fix Applied:

Retest with the same XSS payloads after applying fixes and verify that the scripts do not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual cookie parameter values in web server logs
  • Multiple failed login attempts with suspicious parameters

Network Indicators:

  • HTTP requests with suspicious cookie values containing script tags
  • Unusual traffic patterns to BCU web interface

SIEM Query:

source="web_logs" AND (uri="*<script>*" OR cookie="*<script>*")

Payloads are frequently URL-encoded or split across attributes, so also match the encoded form (for example `%3Cscript`) and event-handler patterns such as `onerror=`, or normalize the fields before matching.
