CVE-2025-25613
Last modified
CVE-2025-25613 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fs | S3150-8t2f Firmware | < 2.2.0D |
References
- http://fs.comProduct
- http://s3150-8t2f.comBroken Link
- https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wikiExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-25613?
How severe is CVE-2025-25613?
How do I fix CVE-2025-25613?
Are you affected by CVE-2025-25613?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST