CVE-2026-25608 | THREATINT

Description

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5.

PUBLISHED Reserved 2026-02-03 | Published 2026-05-22 | Updated 2026-05-22 | Assigner CERT-PL

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status

unaffected

Any version before 9.5

affected

Credits

Michelin CERT finder

References

cert.pl/posts/2026/05/CVE-2026-25606 third-party-advisory

www.ciop.pl/...nfpb=true&_pageLabel=P52000165211572544981480 product

cve.org (CVE-2026-25608)

nvd.nist.gov (CVE-2026-25608)

Download JSON