CVE-2025-49181
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/06/2025
Last modified:
03/02/2026
Description
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET<br />
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify<br />
the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service<br />
attack.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sick:media_server:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf