Vulnerability Description
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Media Server | All versions |
Related Weaknesses (CWE)
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SIBroken Link
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdfVendor Advisory
FAQ
What is CVE-2025-49183?
CVE-2025-49183 is a vulnerability with a CVSS score of 7.5 (HIGH). All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and down...
How severe is CVE-2025-49183?
CVE-2025-49183 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-49183?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Media Server.