PT-2025-13518 · Unknown · Satech Bcu
Aarón Flecha · Published 2025-03-28 · Updated 2025-03-28 · CVE-2025-2860
CVSS v4.0: 6.9 (Medium)
Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
SaTECH BCU version 2.1.3
Description
The issue allows an authenticated attacker to access user credential information through the web interface, specifically through an .xml file. To exploit this, the attacker must know the path to the file; access is possible regardless of the user's privileges on the website.
Recommendations
For SaTECH BCU version 2.1.3, consider restricting access to the .xml file that contains user credentials until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Satech Bcu