CVE-2026-25071 identifies a critical missing authentication vulnerability in the firmware of the XikeStor SKS8310-8X network switch produced by Anhui Seeker Electronic Technology Co., LTD. Specifically, the vulnerability exists in firmware versions 1.04.B07 and earlier, where the /switch_config.src endpoint does not require any authentication to access. This endpoint allows retrieval of the device's configuration files remotely by any unauthenticated attacker. These configuration files contain sensitive information such as VLAN settings, IP addressing schemes, and potentially other network topology details. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication controls on a security-critical function. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) highlights that the attack can be performed remotely over the network with low attack complexity, no privileges or user interaction required, and results in high confidentiality impact without affecting integrity or availability. No patches or mitigations have been officially released at the time of publication, and no known exploits have been observed in the wild. However, the exposure of configuration data can facilitate further targeted attacks, including network reconnaissance, unauthorized access, and lateral movement within affected environments.

The primary impact of this vulnerability is the unauthorized disclosure of sensitive network configuration data, which can severely compromise an organization's network security posture. Attackers gaining access to VLAN and IP addressing information can map internal network structures, identify critical assets, and plan subsequent attacks such as man-in-the-middle, privilege escalation, or denial of service. Since the vulnerability requires no authentication and can be exploited remotely, it significantly lowers the barrier for attackers, including opportunistic threat actors and advanced persistent threats. Organizations relying on the XikeStor SKS8310-8X switches for critical infrastructure or sensitive environments face increased risks of data breaches, operational disruption, and potential regulatory non-compliance due to exposure of confidential network configurations. The lack of known exploits in the wild currently limits immediate widespread impact, but the vulnerability's characteristics make it a prime candidate for future exploitation campaigns.

1. Immediate mitigation involves restricting network access to the management interfaces of affected XikeStor SKS8310-8X devices, ensuring that only trusted administrative hosts can reach the /switch_config.src endpoint. 2. Implement network segmentation and firewall rules to isolate management traffic from general user networks and the internet. 3. Monitor network traffic for unusual requests to the /switch_config.src endpoint, which may indicate exploitation attempts. 4. Engage with Anhui Seeker Electronic Technology Co., LTD. to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 5. If firmware updates are delayed, consider deploying compensating controls such as VPN access for management interfaces or disabling unused services on the device. 6. Conduct regular audits of device configurations and access logs to detect unauthorized access. 7. Educate network administrators about the risks of exposing management endpoints without authentication and enforce strict credential policies once authentication mechanisms are implemented.