CVE-2025-25613
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-25613, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-20

Last updated on: 2026-07-05

Assigner: MITRE

Description

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-20
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-11-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
fs.com innovation_ltd_s3150-8t2f_firmware 2.2.0d_135103
windriver vxworks 2.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch web-based administrative application. Versions before 2.2.0D Build 135103 transmit cookies containing usernames and passwords in cleartext using simple base64 encoding during every POST request to the server, exposing sensitive credentials.

Impact Analysis

An attacker intercepting network traffic could capture the base64 encoded cookies containing usernames and passwords, potentially gaining unauthorized access to the administrative interface of the switch. This could lead to unauthorized configuration changes, network disruption, or further compromise of the network.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-25613. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart