Cyber Posture

CVE-2025-2863

High

Published: 28 March 2025
Modified: 10 October 2025
KEV Added: not listed
Patch: (none listed)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.7th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2863 is a high-severity CSRF (CWE-352) vulnerability in Arteche saTECH BCU firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Manipulation (T1098); ranked at the 35.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Account Manipulation (T1098) and one other technique, System Shutdown/Reboot (T1529). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SC-23 (prevent): requires mechanisms to protect the authenticity of communications sessions, directly mitigating CSRF by preventing forged requests that exploit active administrator sessions.

SI-10 (prevent): mandates validation of information inputs, enabling enforcement of anti-CSRF tokens to block unauthorized requests masquerading as legitimate user actions.

IA-11 (prevent): requires re-authentication for privileged operations, reducing CSRF impact by necessitating fresh credentials for sensitive actions like modifying roles or rebooting the device.
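The three controls above combine into a single request-handling policy: session-bound anti-CSRF tokens (SC-23, SI-10) and a freshness check on the last authentication before privileged actions such as a reboot or a role change (IA-11). The following is an added illustration of that policy, not code from the saTECH BCU firmware or from Arteche; the `Session`, `handle_request` and `PRIVILEGED_ACTIONS` names, the 300-second re-authentication window and the request shape are all hypothetical.

```python
"""Hypothetical CSRF defence for a device admin web UI (added example, not vendor code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Actions that additionally require a recent re-authentication (IA-11); constructed list.
PRIVILEGED_ACTIONS = {"reboot", "set_role"}
REAUTH_WINDOW = 300  # seconds since last password entry; hypothetical value


@dataclass
class Session:
    user: str
    # Per-session secret used to bind CSRF tokens to this session (SC-23).
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    last_auth: float = 0.0  # epoch time of the last credential check


def issue_csrf_token(session: Session) -> str:
    """Synchronizer token: random nonce plus an HMAC over it keyed by the session secret."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(session.secret, nonce.encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session: Session, token: str) -> bool:
    """Accept only tokens minted for this session; constant-time comparison (SI-10)."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(session.secret, nonce.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def _origin_of(url_or_origin: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port] for exact comparison."""
    parts = urlsplit(url_or_origin)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def handle_request(session, method, headers, form, allowed_origin, now=None):
    """Return (status, reason) for a state-changing admin request.

    headers and form are plain dicts standing in for the HTTP request (constructed shape).
    """
    now = time.time() if now is None else now
    # State changes only over POST, so a plain GET link cannot trigger them.
    if method != "POST":
        return 405, "state-changing actions must use POST"
    # Origin/Referer must name this device's UI exactly; missing or "null" is rejected.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if _origin_of(source) != allowed_origin:
        return 403, "origin check failed"
    # The token must have been issued to this very session.
    if not verify_csrf_token(session, form.get("csrf_token", "")):
        return 403, "invalid or missing CSRF token"
    action = form.get("action", "")
    # Privileged actions need a fresh credential check (IA-11), limiting what a forged
    # request could achieve even if the token defence were bypassed.
    if action in PRIVILEGED_ACTIONS and now - session.last_auth > REAUTH_WINDOW:
        return 401, "re-authentication required for privileged action"
    return 200, f"{action} accepted"


if __name__ == "__main__":
    admin = Session(user="admin", last_auth=time.time())
    token = issue_csrf_token(admin)
    ok = {"Origin": "https://bcu.example"}  # constructed device origin
    print(handle_request(admin, "POST", {"Origin": "https://attacker.example"},
                         {"action": "reboot", "csrf_token": token}, "https://bcu.example"))
    print(handle_request(admin, "POST", ok, {"action": "reboot", "csrf_token": token},
                         "https://bcu.example"))
```

The origin comparison is exact on scheme and host rather than a prefix match, so a lookalike host such as `bcu.example.attacker.example` does not pass, and a cross-site request that somehow carried a token from a different session still fails the HMAC check because the key is per session.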

MITRE ATT&CK Enterprise Techniques

T1098 Account Manipulation (Persistence): Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

T1529 System Shutdown/Reboot (Impact): Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
Why these techniques?

CSRF allows unauthorized actions on active admin sessions, directly enabling account role/permission changes (T1098 Account Manipulation) and device reboot (T1529 System Shutdown/Reboot).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.

Deeper analysis

CVE-2025-2863 is a cross-site request forgery (CSRF) vulnerability, mapped to CWE-352, in the web application of saTECH BCU firmware version 2.1.3. Published on 2025-03-28, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under specific conditions.

An unauthenticated local attacker can exploit this vulnerability by leveraging active administrator sessions in the web application. The attacker tricks the administrator into performing actions via a malicious site or resource, enabling execution of unauthorized requests. Potential impacts depend on the logged-in user's privileges and may include rebooting the device or modifying roles and permissions.

The INCIBE-CERT advisory (https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu) addresses multiple vulnerabilities in Arteche saTECH BCU devices, including this CSRF issue.

Details

CWE(s): CWE-352 (Cross-Site Request Forgery)

Affected Products

arteche
satech bcu firmware
2.1.3

CVEs Like This One

Same product (Arteche saTECH BCU): CVE-2025-2859, CVE-2025-2858, CVE-2025-2861, CVE-2025-2862
Shared CWE-352: CVE-2026-28741, CVE-2025-25748, CVE-2024-55076, CVE-2026-24885, CVE-2025-1687, CVE-2025-25907

References

INCIBE-CERT advisory, Multiple vulnerabilities in Arteche's saTECH BCU: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu