CVE-2025-13926

Critical

Published: 09 April 2026

Published

09 April 2026

Modified

13 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13926 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Ccontrols (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 27.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Sniffing (T1040) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match

prevent

Protects network transmissions with confidentiality and integrity, preventing attackers from sniffing traffic to capture data needed for forging packets.

SI-10 Information Input Validation good match

prevent

Validates all information inputs including forged packets, directly addressing CWE-807 reliance on untrusted inputs in security decisions.

SC-23 Session Authenticity good match

prevent

Verifies the authenticity of communication sessions, blocking forged packets used to issue arbitrary requests to the device.

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access

Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Vuln directly enables network sniffing (T1040) to capture traffic and unauthenticated remote packet forgery for arbitrary device control (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Deeper analysisAI

CVE-2025-13926 is a high-severity vulnerability (CVSS 3.1 score: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in the Contemporary Controls BASC-20T device, published on 2026-04-09. The issue, tied to CWE-807 (Reliance on Untrusted Inputs In a Security Decision), enables an attacker to sniff network traffic, capture necessary data, and forge packets to issue arbitrary requests to the device.

A remote network attacker requires no privileges, authentication, or user interaction to exploit this vulnerability. By forging packets based on sniffed traffic, the attacker can achieve high-impact compromise of confidentiality, integrity, and availability, potentially leading to full control over the BASC-20T device.

Mitigation guidance is detailed in CISA ICS Advisory ICSA-26-099-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01), the associated CSAF JSON file (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-01.json), and Contemporary Controls' technical support page (https://www.ccontrols.com/support/contacttech.htm). Security practitioners should consult these resources for patches, workarounds, and configuration recommendations.