CVE-2025-27593 · CRITICAL 9.3 · EPSS p30.6%

Description

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

Scoring

CVSS 3.1: 9.3 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.39% probability of exploitation · percentile 30.6% · 2026-06-19T12:03:05Z
Published: 2025-03-14
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-494

References

  1. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
  2. https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
  3. https://sick.com/psirt
  4. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
  5. https://www.first.org/cvss/calculator/3.1
  6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
  7. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1058
  2. CVE-2025-12556
  3. CVE-2025-1070
  4. CVE-2025-27059
  5. CVE-2025-6542
  6. CVE-2025-57790

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.