CVE-2025-49199CRITICAL 9.8EPSS p19.5%

CVE-2025-49199CVE-2025-49199

Description

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.28% probability of exploitation · percentile 19.5% · 2026-06-19T12:03:05Z
Published2025-06-12
Last modified2026-01-26

Underlying weaknesses· 1

CWE-345

References

  1. https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
  2. https://sick.com/psirt
  3. https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
  4. https://www.first.org/cvss/calculator/3.1
  5. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json
  6. https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf

1

TypeTargetConfidenceTier
WeaknessInsufficient Verification of Data Authenticitycwe-3450%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-49181
CVE
CVE-2025-49182
CVE
CVE-2025-64127
CVE
CVE-2025-41764
CVE
CVE-2025-30023
CVE
CVE-2025-59171
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.