Unrated severityNVD Advisory· Published Mar 7, 2026· Updated Mar 10, 2026

XikeStor SKS8310-8X Predictable Session Identifiers

CVE-2026-25072

Description

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.

Affected products

XikeStor/SKS8310-8Xllm-fuzzy
Range: <= 1.04.B07
Anhui Seeker Electronic Technology Co., LTD./XikeStor SKS8310-8Xv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openwrt.org/toh/xikestor/sks8310-8xmitreproduct
www.aliexpress.com/i/3256808697772710.htmlmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000