CVE-2026-25085

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-25085

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

A

vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

References
Link Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
Configurations

No configuration.

History

27 Feb 2026, 14:06

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad en Copeland XWEB Pro versión 1.12.1 y anteriores, en la que un valor de retorno inesperado de la rutina de autenticación es posteriormente procesado como un valor legítimo, resultando en un bypass de autenticación.

27 Feb 2026, 01:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-27 01:16

Updated : 2026-02-27 14:06

NVD link : CVE-2026-25085

Mitre link : CVE-2026-25085

CVE.ORG link : CVE-2026-25085

JSON object : View

Products Affected

No product.

CWE
CWE-394

Unexpected Status Code or Return Value