Vulnerabilities

CVE-2026-25072 - XikeStor SKS8310-8X Predictable Session Identifiers

2026-03-07 0 views admin

CVE ID :CVE-2026-25072 Published : March 7, 2026, 12:20 a.m. | 1 hour, 5 minutes ago Description :XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25072

Severity

HIGH

Published

March 7, 2026

Attack Vector: Network

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25072high

CVE-2026-25072 - XikeStor SKS8310-8X Predictable Session Identifiers

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1981 - Winston AI <= 0.0.3 - missing authorization to authenticated (subscriber+) arbitr...

CVE-2026-1644 - WP Frontend Profile <= 1.3.8 - cross-site request forgery to unauthorized user ac...

CVE-2026-25070 - XikeStor SKS8310-8X PingTestSet Command Injection

CVE-2026-25071 - XikeStor SKS8310-8X switch_config.src Missing Authentication

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting