Vulnerability Description
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copeland | Xweb 500B Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500B Pro | - |
| Copeland | Xweb 300D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 300D Pro | - |
| Copeland | Xweb 500D Pro Firmware | <= 1.12.1 |
| Copeland | Xweb 500D Pro | - |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05Third Party Advisory
- https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdateProduct
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2026-25085?
CVE-2026-25085 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an...
How severe is CVE-2026-25085?
CVE-2026-25085 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25085?
Check the references section above for vendor advisories and patch information. Affected products include: Copeland Xweb 500B Pro Firmware, Copeland Xweb 500B Pro, Copeland Xweb 300D Pro Firmware, Copeland Xweb 300D Pro, Copeland Xweb 500D Pro Firmware.