CVE-2026-25072: CWE-330 Use of Insufficiently Random Values in Anhui Seeker Electronic Technology Co., LTD. XikeStor SKS8310-8X
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-25072 identifies a critical security flaw in the firmware of the Anhui Seeker Electronic Technology Co., LTD. XikeStor SKS8310-8X network switch, affecting firmware versions 1.04.B07 and prior. The vulnerability arises from the use of insufficiently random values when generating session identifiers for the /goform/SetLogin endpoint, the weakness class catalogued as CWE-330. Because the session cookies are produced with poor entropy or a predictable algorithm, a remote attacker can predict them; combined with session parameters exposed in URLs, this allows authenticated sessions to be hijacked without prior authentication or user interaction. The CVSS 4.0 base score is 8.6, reflecting a network attack vector, low attack complexity, no privileges required, and high impact on confidentiality and integrity. No exploitation in the wild is currently known, but the flaw exposes the switch's management interface to unauthorized access, risking control over its configuration and potentially broader network compromise. Availability is not affected directly; the integrity and confidentiality of the device's management sessions are. With no patch available, alternative mitigations need immediate attention.
Potential Impact
The primary impact of CVE-2026-25072 is unauthorized access to authenticated sessions on vulnerable XikeStor SKS8310-8X switches, allowing attackers to assume administrative control of the network management interface. This can lead to unauthorized configuration changes, interception or manipulation of network traffic, and lateral movement within the affected network. Confidentiality is severely impacted because attackers can read sensitive management data; integrity is compromised because the configuration can be altered. Availability is not directly affected, but the downstream effects of a compromised switch can disrupt network operations. Organizations relying on these switches in critical infrastructure or sensitive environments face elevated risks of espionage, sabotage, or data breaches, and because exploitation requires neither authentication nor user interaction, attacks are more likely, especially on exposed network segments.
Mitigation Recommendations
1. Monitor vendor announcements closely and apply firmware updates promptly once patches addressing CVE-2026-25072 are released.
2. Until patches are available, restrict access to the management interfaces of XikeStor SKS8310-8X switches using network segmentation, firewalls, and access control lists so that only trusted administrators can reach them.
3. Enable multi-factor authentication (MFA) on management interfaces where supported, adding a layer of protection that does not depend on the session identifier alone.
4. Disable or restrict remote management access (e.g., from the WAN or untrusted networks) to reduce the attack surface.
5. Use network intrusion detection/prevention systems (IDS/IPS) to detect session hijacking attempts or unusual access patterns against the management interface.
6. Regularly audit and monitor logs for suspicious login activity or session anomalies, such as the same session identifier in use from more than one client address.
7. Consider compensating controls such as VPNs or jump hosts for management access.
8. Educate administrators on the risks of session hijacking and the importance of secure session management practices.
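The technical summary attributes the flaw to session identifiers built from insufficiently random values, and mitigation item 6 asks administrators to audit for session anomalies. The block below is an added example, not code from the advisory, from VulnCheck, or from the vendor; the switch's actual generation algorithm is not disclosed on this page and is not reproduced here. It contrasts a generic CWE-330 pattern (a clock-seeded, non-cryptographic PRNG) with a CSPRNG-based generator, and adds a coarse audit routine a defender can run over a sample of cookies collected from their own device to estimate whether the identifiers carry enough entropy. The function names `weak_session_id`, `strong_session_id` and `audit_session_ids` are hypothetical, all sample tokens are constructed inside the block, and the 64-bit threshold follows the OWASP session-management guidance.

```python
"""Session-identifier hygiene checks for a web management interface.

Added example, not code from the advisory or the vendor. The weak generator
illustrates the CWE-330 pattern (time-seeded, non-cryptographic PRNG); the
strong generator uses the OS CSPRNG; audit_session_ids() is a triage test a
defender can run over cookies sampled from a device under assessment.
"""
import math
import random
import re
import secrets
import time
from collections import Counter

MIN_SESSION_BITS = 64  # OWASP session-management guidance: at least 64 bits
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def weak_session_id(seed=None):
    """CWE-330 pattern: Mersenne Twister seeded from the wall clock.

    Only 32 bits of output and a guessable seed, so the identifier is
    reproducible by anyone who knows roughly when it was issued.
    """
    rng = random.Random(int(time.time()) if seed is None else seed)
    return "%08x" % rng.getrandbits(32)


def strong_session_id(nbytes=32):
    """Hardened form: 256 bits from the OS CSPRNG, URL-safe base64 (43 chars)."""
    return secrets.token_urlsafe(nbytes)


def _positional_entropy_bits(ids):
    """Sum, over character positions, of the Shannon entropy (bits) of the
    symbol seen at that position across the sample. Positions are treated as
    independent and the estimate is capped by sample size, so this is an
    upper bound for triage, not a proof of randomness."""
    n = len(ids)
    total = 0.0
    for pos in range(len(ids[0])):
        counts = Counter(t[pos] for t in ids)
        total -= sum((c / n) * math.log2(c / n) for c in counts.values())
    return total


def _looks_sequential(ids):
    """True if every token is plain hex and consecutive tokens differ by a
    constant non-zero stride (a counter dressed up as a session id)."""
    if not all(HEX_RE.fullmatch(t) for t in ids):
        return False
    values = [int(t, 16) for t in ids]
    strides = {b - a for a, b in zip(values, values[1:])}
    return len(strides) == 1 and 0 not in strides


def audit_session_ids(ids):
    """Triage a sample of session identifiers issued by one device.

    Returns estimated entropy, duplicate count, a sequential-pattern flag
    and an overall verdict ('weak' or 'ok').
    """
    if len(ids) < 2:
        raise ValueError("need at least two samples")
    if len({len(t) for t in ids}) != 1:
        raise ValueError("tokens must have equal length")
    bits = _positional_entropy_bits(ids)
    duplicates = len(ids) - len(set(ids))
    sequential = _looks_sequential(ids)
    weak = bits < MIN_SESSION_BITS or duplicates > 0 or sequential
    return {
        "samples": len(ids),
        "estimated_bits": round(bits, 1),
        "duplicates": duplicates,
        "sequential": sequential,
        "verdict": "weak" if weak else "ok",
    }


if __name__ == "__main__":
    # Constructed samples: 200 logins one second apart on the weak generator,
    # a bare counter, and 200 tokens from the hardened generator.
    weak_sample = [weak_session_id(seed=1_700_000_000 + i) for i in range(200)]
    counter_sample = ["%08x" % (0x00A00000 + i) for i in range(200)]
    strong_sample = [strong_session_id() for _ in range(200)]
    for name, sample in (("weak", weak_sample), ("counter", counter_sample),
                         ("strong", strong_sample)):
        print(name, audit_session_ids(sample))
```

The audit is deliberately conservative: a low estimate or a detected stride is a reason to escalate to the vendor and to tighten network access to the interface, while a high estimate from a few hundred samples only rules out the grossest defects and does not certify the generator.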
Affected Countries
China, United States, India, Russia, Germany, Brazil, South Korea, Japan, United Kingdom, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-01-28T21:47:35.120Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69ab78cec48b3f10ff0845b4
Added to database: 3/7/2026, 1:01:02 AM
Last enriched: 3/14/2026, 7:34:01 PM
Last updated: 4/20/2026, 1:00:45 PM
Views: 76