CVE-2025-49181 HIGH

CVE-2025-49181: Configurations endpoint does not require authorization

Vendor SICK AG
Product SICK Media Server
Weakness CWE-862 · Missing authorization
Published June 12, 2025
Last update June 12, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

Key dates

02 Disclosure timeline

June 12, 2025 CVE published
June 12, 2025 Record updated