CVE-2025-25613

7.5 HIGH
Published: November 20, 2025 Modified: January 15, 2026
View on NVD

Description

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://fs.com
Source: cve@mitre.org
Product
http://s3150-8t2f.com
Source: cve@mitre.org
Broken Link
https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki
Source: cve@mitre.org
Exploit Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.0%
8th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-312

Affected Vendors

fs

Related CVEs

CVE-2026-2072 8.2
CVE-2026-1166 4.3
CVE-2026-4784 7.3
CVE-2026-4766 6.4
CVE-2026-4783 6.3