CVE-2025-49183 HIGH

CVE-2025-49183: Unencrypted communication (HTTP)

Vendor Sick Ag
Product SICK Media Server
Weakness CWE-319 · Cleartext transmission
Published June 12, 2025
Last update June 13, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
June 13, 2025 Record updated