CVE-2026-25085

Summary

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

Affected Software

VendorProductVersion RangeStatus
CopelandCopeland XWEB 300D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500D PRO0 <= 1.12.1affected
CopelandCopeland XWEB 500B PRO0 <= 1.12.1affected

Weaknesses

  • CWE-394: CWE-394

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References