CVE-2025-49181
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-02-03
Assigner: SICK AG
Description
Description
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log filesβ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | media_server | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because an API endpoint lacks proper authorization, allowing unauthorized users to send HTTP GET requests to access sensitive information. Additionally, attackers can send HTTP POST requests to change the log files' root path and the TCP ports the service uses, which can cause a Denial of Service (DoS) attack.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information and disruption of service availability through Denial of Service attacks by modifying critical service configurations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70