QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25085

Published: Feb 27, 2026

Modified: Mar 2, 2026

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

Vendor	Product	Versions
Copeland	Copeland XWEB 300D PRO	affected `0 - <= 1.12.1`
Copeland	Copeland XWEB 500D PRO	affected `0 - <= 1.12.1`
Copeland	Copeland XWEB 500B PRO	affected `0 - <= 1.12.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.