CVE-2025-2861

High

Published: 28 March 2025

Published

28 March 2025

Modified

10 October 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0017 37.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2861 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Arteche Satech Bcu Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 37.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-13 (Cryptographic Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match

prevent

Requires confidentiality and integrity protection for transmitted information, directly preventing interception of plaintext credentials over HTTP.

SC-13 Cryptographic Protection good match

prevent

Mandates cryptographic mechanisms to protect confidentiality of information during transmission, mitigating unencrypted HTTP web interface communications.

AC-17 Remote Access good match

prevent

Enforces security safeguards for remote access, including encryption of web management sessions to counter man-in-the-middle credential capture.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

T1078 Valid Accounts Stealth

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Vulnerability enables MITM interception of cleartext credentials over HTTP (T1557), which are then used for unauthorized login via valid accounts (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker…

could obtain them and log in legitimately.

Deeper analysisAI

CVE-2025-2861 is a vulnerability in the SaTECH BCU firmware version 2.1.3, where the web interface uses the HTTP protocol instead of a secure alternative. This results in the exchange of sensitive information, such as credentials, in unencrypted plaintext during web browsing sessions. Classified under CWE-319 (Cleartext Transmission of Sensitive Information), the issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting high confidentiality impact with network accessibility and low attack complexity.

Any attacker with access to the network traffic between a user and the affected device can exploit this vulnerability without requiring privileges or user interaction. By performing a man-in-the-middle interception, the attacker can capture transmitted credentials and subsequently log in legitimately to the SaTECH BCU, potentially gaining unauthorized access to its functions.

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu details this and other vulnerabilities in Artech's SaTECH BCU, providing guidance on mitigations for affected deployments.