CVE-2025-25613: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless.
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.
Security readout for executives and security teams
Plain-English summary
This vulnerability can expose administrator usernames and passwords from the web management interface of the FS S3150-8T2F switch. The credentials are placed in cookies and sent with POST requests using only base64 encoding, which is not encryption.
Executive priority
Treat this as a high-priority network infrastructure issue. Credential leakage from switch administration can enable further access, especially in flat or poorly segmented environments.
Technical view
CVE-2025-25613 affects FS Inc S3150-8T2F switch firmware before 2.2.0D Build 135103. The web administrative application transmits cookies containing usernames and passwords in cleartext with simple base64 encoding on every POST request. The record maps this to CWE-312 and CVSS 3.1 score 7.5.
Likely exposure
Exposure is most likely where the switch web administration interface is reachable from user networks, shared management networks, VPN users, or the internet. Risk is lower when management access is isolated and encrypted transport is enforced.
Exploitation context
The source bundle does not cite active exploitation, and the CVE is not marked KEV. The main concern is credential disclosure to anyone able to observe or capture administrative web traffic.
Researcher notes
Evidence is limited to the CVE record and linked public research. The affected CPE data is not populated in the bundle, so asset matching should use model and firmware identification rather than CPE-only detection.
Mitigation direction
Upgrade affected devices to 2.2.0D Build 135103 or later if vendor guidance confirms availability.
Restrict web administration to a dedicated management network.
Block internet access to the switch management interface.
Rotate switch administrator credentials after remediation.
Review vendor or maintainer guidance for official fixes and hardening advice.
Validation and detection
Inventory FS S3150-8T2F switches and record firmware versions.
Flag any device running firmware before 2.2.0D Build 135103.
Confirm management interfaces are not exposed to untrusted networks.
Review administrative web traffic handling without exposing credentials in reports.
Verify credential rotation after firmware remediation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-312: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-312 · source CWE mapping
Cleartext Storage of Sensitive Information
Cleartext Storage of Sensitive Information represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.