CVE-2026-25085
Published: 27 February 2026
Summary
CVE-2026-25085 is a high-severity Unexpected Status Code or Return Value (CWE-394) vulnerability in Copeland Xweb 500B Pro Firmware. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identification, reporting, and correction of the specific authentication bypass flaw through timely patching of affected Copeland XWEB Pro versions.
Mandates proper error handling to prevent processing unexpected return values from authentication routines as legitimate, directly countering CWE-394 in this vulnerability.
Enforces robust identification and authentication mechanisms to mitigate authentication bypass vulnerabilities in system access controls.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in a public-facing web application (XWEB Pro), directly enabling remote exploitation without credentials, matching T1190: Exploit Public-Facing Application.
NVD Description
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
Deeper analysisAI
CVE-2026-25085 is an authentication bypass vulnerability (CWE-394: Unexpected Return Value or Reference) in Copeland XWEB Pro version 1.12.1 and prior. The flaw occurs when an unexpected return value from the authentication routine is processed as a legitimate value, enabling attackers to circumvent authentication mechanisms without valid credentials.
The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), making it exploitable over the network by unauthenticated attackers with low attack complexity and no user interaction. Exploitation allows high-impact unauthorized access to confidential data, alongside low-impact modifications to integrity and availability.
CISA's ICS Advisory ICSA-26-057-10 and Copeland's system software update page provide mitigation details, including patch availability. Security practitioners should review these resources for update instructions and apply them promptly to affected systems.
Details
- CWE(s)