Unrated severityNVD Advisory· Published Mar 28, 2025· Updated Mar 28, 2025

Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

CVE-2025-2865

Description

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

Affected products

SaTECH/BCUllm-create
Range: =2.1.3
Arteche/saTECH BCUv5
Range: 2.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcumitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000