PT-2025-13526 · Satech · Satech Bcu

Aarón Flecha · Published 2025-03-28 · Updated 2025-03-28 · CVE-2025-2863

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: saTECH BCU firmware version 2.1.3

Description: The issue is related to a cross-site request forgery (CSRF) vulnerability in the web application, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.

Recommendations: For saTECH BCU firmware version 2.1.3, consider implementing additional security measures to prevent CSRF attacks, such as validating requests to ensure they come from an authentic source, until a patch is available. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.
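The recommendation to validate that state-changing requests "come from an authentic source" is the standard CSRF defence: a per-session synchronizer token that a cross-origin page cannot read, combined with an Origin/Referer check. The following is an added illustration written for this advisory, not code from Satech or from the saTECH BCU firmware; the origin `https://bcu.example.internal`, the handler names and the sample requests are all constructed for the example. It shows a gate that a reboot or role-change handler would call before acting.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical origin of the device's own management interface (constructed).
TRUSTED_ORIGIN = "https://bcu.example.internal"

# Methods that must never change state; the check is only applied to the rest.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session (synchronizer token).

    The token is embedded in the legitimate form; a page on another origin
    cannot read it, so it cannot forge a request that carries it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_is_trusted(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the device itself."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no provenance at all: treat as untrusted
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == TRUSTED_ORIGIN


def token_is_valid(session: dict, form: dict) -> bool:
    """Compare the submitted token with the session-bound one in constant time."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def is_trusted_request(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Gate for state-changing handlers such as reboot or role/permission changes."""
    if method.upper() in SAFE_METHODS:
        return True
    return origin_is_trusted(headers) and token_is_valid(session, form)


def demo() -> dict:
    """Run three constructed requests through the gate and report the verdicts."""
    session = {}
    token = issue_csrf_token(session)
    # Legitimate submission from the device's own page, carrying the token.
    same_site = is_trusted_request(
        "POST", {"Origin": TRUSTED_ORIGIN},
        {"action": "reboot", "csrf_token": token}, session)
    # Cross-origin submission: the browser sets a foreign Origin and the page
    # could not have read the token, so the form lacks it.
    forged = is_trusted_request(
        "POST", {"Origin": "https://attacker.example"},
        {"action": "reboot"}, session)
    # Same origin but token missing (e.g. a stale or hand-built form): still rejected.
    no_token = is_trusted_request(
        "POST", {"Origin": TRUSTED_ORIGIN},
        {"action": "reboot"}, session)
    return {"same_site": same_site, "forged": forged, "no_token": no_token}


if __name__ == "__main__":
    print(demo())
```

Both checks are kept because each covers a gap in the other: the Origin header is absent in some legitimate flows and can be stripped by proxies, while the token alone does not help if it leaks into a URL or log. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third, browser-enforced layer at no cost to the application.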

Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2025-2863

Affected Products: Satech Bcu