
CVE-2025-25613: n/a

Severity: High
Type: Vulnerability
Published: Thu Nov 20 2025 (11/20/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.

AI-Powered Analysis

Last updated: 11/27/2025, 22:11:26 UTC

Technical Analysis

CVE-2025-25613 is a vulnerability identified in FS Inc's S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, specifically affecting all firmware versions prior to 2.2.0D Build 135103. The core issue is that the device’s web-based administrative application transmits authentication cookies containing usernames and passwords in an insecure manner. These cookies are sent in every POST request to the server, encoded only with base64, which is not encryption but a reversible encoding scheme. This means that any attacker with the ability to capture network traffic between an administrator’s browser and the switch can easily decode these cookies to retrieve plaintext credentials. The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information) and has a CVSS v3.1 base score of 7.5, indicating high severity. The vector metrics indicate that the attack can be performed remotely over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality (C:H) without affecting integrity or availability. No patches or exploits in the wild are currently reported, but the risk remains significant due to the sensitive nature of the credentials exposed and the critical role of network switches in infrastructure. The vulnerability allows attackers to gain unauthorized administrative access, potentially leading to further network compromise.

Potential Impact

For European organizations, this vulnerability poses a serious risk to network security and confidentiality. If exploited, attackers can obtain administrative credentials for the affected switches, enabling them to manipulate network traffic, create backdoors, or disrupt network operations. This could lead to data breaches, lateral movement within corporate networks, and compromise of sensitive information. Organizations in sectors such as finance, healthcare, telecommunications, and critical infrastructure are particularly vulnerable due to their reliance on secure network management. The exposure of credentials in cleartext also increases the risk of targeted attacks by nation-state actors or cybercriminal groups. Given the lack of required authentication or user interaction, exploitation can be automated and stealthy, increasing the likelihood of unnoticed compromise. The absence of known exploits in the wild does not diminish the potential impact, as the vulnerability is straightforward to exploit with common network sniffing tools.

Mitigation Recommendations

1. Immediately upgrade all FS Inc S3150-8T2F switches to firmware version 2.2.0D Build 135103 or later, where this vulnerability is resolved.
2. If upgrading is not immediately possible, restrict access to the web-based administrative interface to trusted management networks only, using VLAN segmentation and firewall rules.
3. Implement encrypted management protocols such as HTTPS with strong TLS configurations, and disable any insecure management protocols.
4. Use network monitoring and intrusion detection systems to detect unusual access patterns or credential theft attempts.
5. Enforce strong administrative password policies and consider multi-factor authentication if supported.
6. Regularly audit network devices for outdated firmware and insecure configurations.
7. Educate network administrators about the risks of transmitting credentials in cleartext and encourage the use of secure remote management tools.
8. Consider deploying network encryption technologies such as IPsec or MACsec to protect management traffic within the LAN.
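
For the monitoring and audit steps above, the following added example (not part of the original advisory and not FS Inc code) checks a captured management-interface request for cookies whose values are base64-encoded printable text, the pattern this CVE describes, and reports the cookie names without logging the decoded values. The cookie names, request path and sample request are constructed assumptions; the advisory does not publish the real cookie layout.

```python
import base64
import binascii
import string

PRINTABLE = set(string.printable) - set("\x0b\x0c")

def parse_cookies(request_text):
    """Return {name: value} from the Cookie header(s) of one raw HTTP request."""
    cookies = {}
    head = request_text.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, sep, val = pair.strip().partition("=")  # keeps '=' padding in val
            if sep:
                cookies[key] = val.strip('"')
    return cookies

def decodes_to_text(value, min_len=4):
    """Heuristic: True if value is strict base64 that decodes to printable ASCII."""
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):   # UnicodeDecodeError is a ValueError
        return False
    return len(text) >= min_len and all(c in PRINTABLE for c in text)

def audit_request(request_text, over_tls):
    """List cookies carrying base64 text; decoded values are never returned."""
    method = request_text.split(" ", 1)[0]
    return [{"method": method, "cookie": name, "cleartext_transport": not over_tls}
            for name, value in parse_cookies(request_text).items()
            if decodes_to_text(value)]

# Constructed sample request: hypothetical path and cookie names, test-net address.
SAMPLE = ("POST /config HTTP/1.1\r\n"
          "Host: 192.0.2.10\r\n"
          "Cookie: sid=9f2c-4e1b-a7d0; user=YWRtaW4=; pass=cGFzc3dvcmQ=\r\n"
          "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for finding in audit_request(SAMPLE, over_tls=False):
        print(finding)
```

Any finding with cleartext_transport set means the flagged cookie is readable by anyone on the path; after upgrading to 2.2.0D Build 135103, re-running the check against fresh captures from the same switch is a quick way to confirm the behaviour is gone.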


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-02-07T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 691f82044f1c50aa2eb5aeea

Added to database: 11/20/2025, 9:03:00 PM

Last enriched: 11/27/2025, 10:11:26 PM

Last updated: 1/8/2026, 9:26:14 AM
