CVE-2025-25613
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-11-21

Assigner: MITRE

Description
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-20
Last Modified
2025-11-21
Generated
2026-06-16
AI Q&A
2025-11-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-25613
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fs.com innovation_ltd_s3150-8t2f_firmware 2.2.0d_135103
windriver vxworks 2.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch web-based administrative application. Versions before 2.2.0D Build 135103 transmit cookies containing usernames and passwords in cleartext using simple base64 encoding during every POST request to the server, exposing sensitive credentials.

Impact Analysis

An attacker intercepting network traffic could capture the base64 encoded cookies containing usernames and passwords, potentially gaining unauthorized access to the administrative interface of the switch. This could lead to unauthorized configuration changes, network disruption, or further compromise of the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-25613. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart