CVE-2025-49183
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-01-29
Assigner: SICK AG
Description
Description
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | media_server | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because all communication with the REST API is unencrypted, using HTTP instead of HTTPS. This allows an attacker to intercept the traffic between a user (actor) and the webserver, potentially capturing sensitive information and downloading media files.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive information transmitted via the REST API to attackers who intercept the unencrypted traffic. This can lead to unauthorized information gathering and the downloading of media files without permission.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70