CVE-2025-70973

Name of the Vulnerable Software and Affected Versions ScadaBR version 1.12.4

Description The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. This allows an attacker who knows the session ID to hijack an authenticated session. The issue is related to session fixation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.