CVE-2026-25085

Critical

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine…

icscert·CWE-394·Published 2026-02-27

CVSS

9.8

EPSS

0.00

KEV

Exploits

cve.orgen

224 chars

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

NVDen

224 chars

NVDes

240 chars

Existe una vulnerabilidad en Copeland XWEB Pro versión 1.12.1 y anteriores, en la que un valor de retorno inesperado de la rutina de autenticación es posteriormente procesado como un valor legítimo, resultando en un bypass de autenticación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L