CVE-2026-25608
Description
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens.
This issue was fixed in version 9.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
STER uses unencrypted TCP traffic, enabling MITM attacks that expose passwords, personal data, or authentication tokens.
Vulnerability
STER, the Computer System Supporting Occupational Safety and Health Management, transmits data over the network using unencrypted TCP traffic. All versions below 9.5 are affected. This design weakness allows an attacker positioned on the network path to intercept communications; nothing beyond that network position is required [1].
Exploitation
An attacker with a Man-In-The-Middle (MITM) position on the network can capture unencrypted TCP traffic between the STER client and server. The attacker does not need authentication or user interaction beyond normal system operation. The plaintext data can be passively collected or actively relayed [1].
Impact
Successful exploitation enables the attacker to obtain sensitive data such as passwords, personal data, or authentication tokens. This results in a loss of confidentiality for all transmitted information, potentially leading to further compromise of user accounts or systems [1].
Mitigation
The vulnerability was fixed in STER version 9.5. All users should upgrade to version 9.5 or later to enforce encrypted communication. No workaround is available for earlier versions [1][2].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2