CVE-2026-25072
Received Received - Intake
Predictable Session ID Vulnerability in XikeStor SKS8310-8X Switch

Publication date: 2026-03-07

Last updated on: 2026-03-12

Assigner: VulnCheck

Description
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-12
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25072
EUVD
EUVD-2026-10094
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seekswan zikestor_sks8310-8x_firmware to 1.04.b07 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability allows remote attackers to hijack authenticated sessions by predicting session identifiers. As a result, attackers can gain unauthorized access to user accounts and potentially control or manipulate the network switch without proper authorization.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

The vulnerability exists in XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and earlier. It involves a predictable session identifier in the /goform/SetLogin endpoint. Because the session identifiers are generated with insufficient randomness and session parameters are exposed in URLs, remote attackers can predict these identifiers and hijack authenticated user sessions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart