{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T15:24:28.608","vulnerabilities":[{"cve":{"id":"CVE-2025-2858","sourceIdentifier":"cve-coordination@incibe.es","published":"2025-03-28T14:15:20.650","lastModified":"2025-10-15T16:52:22.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser."},{"lang":"es","value":"Vulnerabilidad de escalada de privilegios en la versión 2.1.3 del firmware de saTECH BCU. Un atacante con acceso a la CLI del dispositivo podría usar el comando nice para eludir todas las restricciones y elevar privilegios como superusuario."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A65A2842-1A84-420B-9F90-2F0DB0F0709C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*","matchCriteriaId":"089E0E50-93BD-4E13-A4E5-982A20BD8877"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]}]}}]}