CVE-2025-0867CRITICAL 9.9EPSS p44.1%

CVE-2025-0867CVE-2025-0867

Description

The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.

Scoring

CVSS 3.19.9 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.60% probability of exploitation · percentile 44.1% · 2026-06-19T12:03:05Z
Published2025-02-14
Last modified2026-04-15

Underlying weaknesses· 1

CWE-522

References

  1. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
  2. https://sick.com/psirt
  3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
  4. https://www.first.org/cvss/calculator/3.1
  5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json
  6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdf

1

TypeTargetConfidenceTier
WeaknessInsufficiently Protected Credentialscwe-5220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-1393
CVE
CVE-2025-25269
CVE
CVE-2025-6541
CVE
CVE-2025-59106
CVE
CVE-2025-31710
CVE
CVE-2025-64691
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.