CVE-2025-58578
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-10-06
Last updated on: 2026-01-27
Assigner: SICK AG
Description
Description
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | enterprise_analytics | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a user who already has the necessary authorization to create an unlimited number of user accounts through an API endpoint by sending POST requests. There are no limits, quotas, or checks to restrict how many accounts can be created.
How can this vulnerability impact me? :
The vulnerability can lead to resource exhaustion or denial of service by allowing excessive creation of user accounts. It may also increase administrative overhead and potentially enable abuse of the system by creating many unauthorized or fake accounts.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70