CVE-2025-49192
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-02-06
Assigner: SICK AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | media_server | up to 1.5 (inclusive) |
| sick | field_analytics | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1021 | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is a clickjacking vulnerability: the web application can be embedded in a frame on another page. An attacker can then trick a user into clicking on something different from what the user perceives, potentially leading to unintended actions.
How can this vulnerability impact me?
The impact of this vulnerability includes the potential exposure of confidential information or allowing attackers to take control of the user's computer by tricking them into clicking on seemingly harmless objects.
What immediate steps should I take to mitigate this vulnerability?
To mitigate clickjacking vulnerabilities, implement X-Frame-Options or Content-Security-Policy headers to prevent your web application from being embedded in frames or iframes on other sites. For example, set the HTTP header 'X-Frame-Options' to 'DENY' or 'SAMEORIGIN'.
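A header check for the mitigation above, as an added example that is not part of the advisory or any vendor code: it takes a response's headers and reports whether framing is actually restricted. The function names and sample headers are constructed, and it also evaluates the CSP `frame-ancestors` directive, which is the part of Content-Security-Policy that governs framing.

```python
# Added example: audit response headers for anti-framing (clickjacking) protection.
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any site frame the page

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(headers):
    """headers: (name, value) pairs as received. Returns (protected, reason)."""
    xfo, policies = set(), []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif name == "content-security-policy":
            # Content-Security-Policy-Report-Only is deliberately not matched:
            # it reports violations but does not block framing.
            policies.extend(value.split(","))
    lists = [fa for fa in map(frame_ancestors, policies) if fa is not None]
    if lists:
        # With an enforced frame-ancestors present, browsers that support it
        # ignore X-Frame-Options, so the CSP alone decides.
        if any(not PERMISSIVE & set(fa) for fa in lists):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors allows any origin"
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + xfo.pop()
    if xfo:
        # ALLOW-FROM is obsolete; mixed values are a finding to fix either way.
        return False, "X-Frame-Options invalid or conflicting: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real product.
    samples = {
        "hardened": [("X-Frame-Options", "DENY"),
                     ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
        "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
        "overridden": [("X-Frame-Options", "SAMEORIGIN"),
                       ("Content-Security-Policy", "frame-ancestors *")],
    }
    for label, hdrs in samples.items():
        print(label, framing_verdict(hdrs))
```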