Unrated severityNVD Advisory· Published Mar 28, 2025· Updated Mar 28, 2025

Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

CVE-2025-2864

Description

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

Affected products

SaTECH/BCUllm-fuzzy
Range: = 2.1.3
Arteche/saTECH BCUv5
Range: 2.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcumitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000