CVE-2025-2858

Published Mar 28, 2025

Last updated 8 days ago

Overview

Description: Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.
Source: cve-coordination@incibe.es
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.5
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

cve-coordination@incibe.es: CWE-269

Hype score: Not currently trending

[CVE-2025-2858: HIGH] Critical privilege escalation vulnerability in saTECH BCU firmware 2.1.3 allows attackers CLI access to escalate to superuser using the nice command. Immediate patch required.#cybersecurity,#vulnerability https://t.co/C69Q2YCfoq https://t.co/dr2bUTE34t
@CveFindCom
28 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References