Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

BRAIN2

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-6512
Assigner-Bizerba SE & Co. KG
ShareView Details
Assigner-Bizerba SE & Co. KG
CVSS Score-10||CRITICAL
EPSS-0.07% / 21.39%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 12:48
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scripts within reports executable on BRAIN2 Server

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.

Action-Not Available
Vendor-Bizerba SE & Co. KG
Product-BRAIN2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-6513
Assigner-Bizerba SE & Co. KG
ShareView Details
Assigner-Bizerba SE & Co. KG
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 12:37
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BRAIN2 Configuration file for database access not sufficiently secured

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.

Action-Not Available
Vendor-Bizerba SE & Co. KG
Product-BRAIN2
CWE ID-CWE-260
Password in Configuration File