CVE-2025-49193
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-01-26
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | baggage_analytics | * |
| sick | field_analytics | * |
| sick | logistic_diagnostic_analytics | * |
| sick | media_server | to 1.5 (exc) |
| sick | package_analytics | * |
| sick | tire_analytics | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the application does not implement several important security headers. These headers are designed to enhance the security of the web application by preventing it from being embedded in an iFrame, which protects against Clickjacking attacks, and by blocking the execution of injected malicious JavaScript code, which helps prevent Cross-Site Scripting (XSS) attacks.
How can this vulnerability impact me? :
The lack of security headers can expose the web application to Clickjacking attacks, where an attacker tricks users into clicking on hidden elements, and Cross-Site Scripting (XSS) attacks, where malicious scripts can be executed in the user's browser. This can lead to unauthorized actions, data theft, or manipulation of the application.