CVE-2025-49199 — HIGH (8.8)

Vulnerability Description

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Field Analytics	All versions

Related Weaknesses (CWE)

CWE-345

References

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SIBroken Link
https://sick.com/psirtVendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
https://www.first.org/cvss/calculator/3.1Not Applicable
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonVendor Advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdfVendor Advisory

FAQ

What is CVE-2025-49199?

CVE-2025-49199 is a vulnerability with a CVSS score of 8.8 (HIGH). The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application b...

How severe is CVE-2025-49199?

CVE-2025-49199 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-49199?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Field Analytics.