
CVE-2025-2772: CWE-522: Insufficiently Protected Credentials in BEC Technologies Multiple Routers

Medium
Published: Wed Apr 23 2025 (04/23/2025, 16:52:23 UTC)
Source: CVE
Vendor/Project: BEC Technologies
Product: Multiple Routers

Description

BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.

AI-Powered Analysis

Last updated: 06/22/2025, 23:20:12 UTC

Technical Analysis

CVE-2025-2772 is a vulnerability affecting multiple router models produced by BEC Technologies, specifically versions 1.04.1.512 and 1.04.1.542. The core issue lies in the insufficient protection of credentials due to the way the router's web management interface handles user information. The vulnerability is located in the /cgi-bin/tools_usermanage.asp endpoint, which transmits a list of users and their credentials to the client side without adequate security controls. This design flaw allows a network-adjacent attacker—someone who can access the same local network segment as the router—to intercept or retrieve sensitive credential information without requiring any authentication or user interaction. The exposure of these credentials can enable attackers to escalate privileges, gain unauthorized administrative access to the router, and potentially pivot into the internal network. The vulnerability is categorized under CWE-522, indicating insufficiently protected credentials, which is a common weakness that can lead to information disclosure and further compromise. Although no public exploits have been reported in the wild to date, the ease of exploitation and the nature of the vulnerability make it a significant risk for affected deployments. The vulnerability was tracked under ZDI-CAN-25895 before being assigned the CVE identifier.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial. Routers serve as critical network infrastructure components, and compromise of router credentials can lead to unauthorized configuration changes, interception of network traffic, and establishment of persistent footholds within corporate networks. This can result in confidentiality breaches, such as exposure of sensitive corporate data, and integrity violations, including manipulation of network traffic or disruption of services. Availability could also be affected if attackers disable or misconfigure routers. Given that authentication is not required to exploit this vulnerability and no user interaction is needed, the attack surface is broad for any network-adjacent adversary. Organizations relying on BEC Technologies routers in their network perimeter or internal segments are at risk of lateral movement and targeted attacks. The vulnerability is particularly concerning for sectors with high security requirements, such as finance, critical infrastructure, and government entities within Europe. Additionally, the lack of available patches increases the window of exposure, necessitating immediate compensating controls.

Mitigation Recommendations

Since no official patches are currently available for the affected BEC Technologies router versions, European organizations should implement specific mitigations to reduce risk. First, restrict network access to the router management interface by enforcing strict network segmentation and access control lists (ACLs) to limit access only to trusted administrative hosts. Disable remote management features if not required, or restrict them to secure VPN connections. Monitor network traffic for unusual access patterns to the /cgi-bin/tools_usermanage.asp endpoint and implement intrusion detection/prevention systems (IDS/IPS) with custom signatures targeting this vulnerability. Change default credentials and enforce strong password policies to reduce the impact if credentials are disclosed. Where possible, replace affected routers with models from vendors that provide timely security updates and have a stronger security posture. Additionally, conduct regular security audits and penetration tests focusing on network infrastructure to identify and remediate similar weaknesses. Finally, maintain awareness of vendor communications for any forthcoming patches or firmware updates addressing this vulnerability.
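As an added illustration of the monitoring step above (this is not code from the advisory, from ZDI or from BEC Technologies), the following Python scans constructed web-server access log lines for requests to the affected endpoint that originate outside an assumed administrative network; the 10.0.100.0/24 range and the Common Log Format are assumptions to adapt to your own environment.

```python
import ipaddress
import re
from typing import Dict, List

# Endpoint named in the advisory. Because no authentication is needed to
# reach it, any request from a host outside the admin network is worth an alert.
VULNERABLE_ENDPOINT = "/cgi-bin/tools_usermanage.asp"

# Hypothetical management network (assumption): align with your ACLs.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.100.0/24")]

# Common Log Format: client ip, identity, user, [time], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)


def is_trusted(ip: str) -> bool:
    """True when the client address falls inside an allowed admin network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return requests to the vulnerable endpoint from untrusted hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare the path without any query string.
        path = m.group("path").split("?", 1)[0]
        if path != VULNERABLE_ENDPOINT or is_trusted(m.group("ip")):
            continue
        hits.append({"ip": m.group("ip"), "time": m.group("time"),
                     "status": m.group("status")})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.100.5 - - [23/Apr/2025:10:01:02 +0000] "GET /cgi-bin/tools_usermanage.asp HTTP/1.1" 200 1843',
    '192.168.1.77 - - [23/Apr/2025:10:02:15 +0000] "GET /cgi-bin/tools_usermanage.asp HTTP/1.1" 200 1843',
    '192.168.1.77 - - [23/Apr/2025:10:02:16 +0000] "GET /index.asp HTTP/1.1" 200 512',
    '192.168.1.90 - - [23/Apr/2025:10:05:40 +0000] "GET /cgi-bin/tools_usermanage.asp?x=1 HTTP/1.1" 200 1843',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"ALERT: {hit['ip']} fetched {VULNERABLE_ENDPOINT} at {hit['time']} (HTTP {hit['status']})")
```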


Technical Details

Data Version
5.1
Assigner Short Name
zdi
Date Reserved
2025-03-24T19:44:31.977Z
Cisa Enriched
true

Threat ID: 682d9844c4522896dcbf3c07

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 11:20:12 PM

Last updated: 8/18/2025, 11:33:46 PM
