Vulnerability Description
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Baggage Analytics | All versions |
| Sick | Enterprise Analytics | All versions |
| Sick | Logistic Diagnostic Analytics | All versions |
| Sick | Package Analytics | All versions |
| Sick | Tire Analytics | All versions |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdfVendor Advisory
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidProduct
FAQ
What is CVE-2025-58584?
CVE-2025-58584 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers...
How severe is CVE-2025-58584?
CVE-2025-58584 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-58584?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Baggage Analytics, Sick Enterprise Analytics, Sick Logistic Diagnostic Analytics, Sick Package Analytics, Sick Tire Analytics.