CVE-2026-25608

Summary

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens.

This issue was fixed in version 9.5.

Affected Software

VendorProductVersion RangeStatus
Centralny Instytut Ochrony Pracy - Państwowy Instytut BadawczySTER0 < 9.5affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References