CVE-2025-49151 CRITICAL

CVE-2025-49151: Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+

Vendor Microsens
Product NMP Web+
Weakness CWE-547
Published June 25, 2025
Last update July 17, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Key dates

02Disclosure timeline

June 25, 2025 CVE published
July 17, 2025 Record updated