CVE-2025-49199
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-01-26
Assigner: SICK AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | field_analytics | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because backup ZIP files created by the application are not signed. An attacker can download a backup ZIP, modify its contents, and then re-upload it. This manipulation allows the attacker to change the application's service configurations, potentially causing the services to fail to run and making the application unusable. Additionally, the attacker can redirect internal traffic to their own hosted services to gather information.
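The missing check, as an added example that is not SICK's code or fix: the server appends an authenticity tag at export and verifies it over the raw bytes before parsing anything at restore. It uses HMAC-SHA256 (a symmetric MAC, not a digital signature) on the assumption that the same server exports and restores; `SERVER_KEY`, `services.json` and all function names are hypothetical.

```python
import hashlib
import hmac
import io
import json
import zipfile

# Assumption: a secret that stays on the server and is never part of the backup.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def build_backup(services: dict) -> bytes:
    """Create a constructed backup ZIP holding a hypothetical services.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("services.json", json.dumps(services, sort_keys=True))
    return buf.getvalue()


def export_backup(services: dict, key: bytes = SERVER_KEY) -> bytes:
    """Return the ZIP with a 32-byte HMAC-SHA256 tag appended."""
    archive = build_backup(services)
    return archive + hmac.new(key, archive, hashlib.sha256).digest()


def restore_backup(blob: bytes, key: bytes = SERVER_KEY) -> dict:
    """Check the tag over the raw bytes before any ZIP parsing, then load the config."""
    if len(blob) <= 32:
        raise ValueError("backup too short to carry a tag")
    archive, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, archive, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("backup rejected: authenticity tag mismatch")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return json.loads(zf.read("services.json"))


def tampered_copy(blob: bytes, services: dict) -> bytes:
    """Model the modified re-upload: new contents, old tag, no access to the key."""
    return build_backup(services) + blob[-32:]


if __name__ == "__main__":
    good = export_backup({"broker": "http://broker.internal:8080"})
    print(restore_backup(good))
    bad = tampered_copy(good, {"broker": "http://other-host.example:8080"})
    try:
        restore_backup(bad)
    except ValueError as err:
        print(err)
```

If backups must be restored on a different instance than the one that created them, an asymmetric signature with a pinned public key takes the place of the shared-key MAC.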
How can this vulnerability impact me?
The vulnerability can severely impact you by making the application unusable due to disrupted service configurations. It also allows an attacker to redirect internal traffic to their own services, which can lead to unauthorized information gathering and potential data breaches.