Vulnerability Description
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dwyeromega | Isensix Advanced Remote Monitoring System Firmware | <= 1.5.7 |
| Dwyeromega | Isensix Advanced Remote Monitoring System | - |
Related Weaknesses (CWE)
References
- https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.mdThird Party Advisory
- https://info.dwyeromega.com/brandsProduct
- https://isensix.com/guardian/Product
FAQ
What is CVE-2025-59379?
CVE-2025-59379 is a vulnerability with a CVSS score of 7.5 (HIGH). DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user paramet...
How severe is CVE-2025-59379?
CVE-2025-59379 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-59379?
Check the references section above for vendor advisories and patch information. Affected products include: Dwyeromega Isensix Advanced Remote Monitoring System Firmware, Dwyeromega Isensix Advanced Remote Monitoring System.