CVE-2026-25072
Published: 07 March 2026
Summary
CVE-2026-25072 is a critical-severity Use of Insufficiently Random Values (CWE-330) vulnerability in Seekswan Zikestor Sks8310-8X Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the specific flaw in firmware versions 1.04.B07 and prior, eliminating the predictable session identifier vulnerability.
Directly protects against session hijacking by ensuring the authenticity of communications sessions, countering predictable session identifiers.
Mandates generation of authenticators, such as session cookies, with sufficient strength and randomness to prevent prediction and hijacking.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote, unauthenticated attackers to predict session identifiers and hijack authenticated web sessions on the network switch's management interface, directly enabling exploitation of a public-facing application.
NVD Description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed…
more
session parameters in URLs to gain unauthorized access to authenticated user sessions.
Deeper analysisAI
CVE-2026-25072 is a predictable session identifier vulnerability (CWE-330) affecting the firmware of XikeStor SKS8310-8X Network Switch devices, specifically versions 1.04.B07 and prior. The issue resides in the /goform/SetLogin endpoint, where session identifiers are generated using insufficiently random cookie values. This allows attackers to predict session IDs and exploit exposed session parameters in URLs, enabling the hijacking of authenticated user sessions. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high confidentiality, integrity, and availability impacts.
Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network. By predicting session identifiers from the weak randomness in cookies and leveraging URL-exposed parameters, attackers can impersonate legitimate users and gain unauthorized access to authenticated sessions on the affected switch. Successful exploitation grants full control over the hijacked session, potentially allowing configuration changes, data access, or other administrative actions depending on the victim's permissions.
The provided references include an OpenWRT table of hardware entry for the XikeStor SKS8310-8X and an AliExpress product listing, but no specific advisories, patches, or mitigation guidance are detailed in the available information. Security practitioners should monitor for firmware updates from the vendor and consider network segmentation or session management best practices until patches are confirmed.
Details
- CWE(s)