CVE-2025-49191 MEDIUM

CVE-2025-49191: Dashboards and iFrames can link malicious web content

Vendor SICK AG
Product SICK Field Analytics
Weakness CWE-1021
Published June 12, 2025
Last update June 12, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

URLs linked during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs are embedded as iFrame widgets, so an attacker can include malicious code to attack other users who access the dashboard. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
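One way a dashboard backend could vet a widget URL before embedding it, shown as an added example that is not code from SICK Field Analytics or from the advisory. The allowlisted origins, function names and sample URLs are assumptions constructed for illustration.

```javascript
// Added example: hypothetical server-side check for a dashboard iFrame widget URL.
// ALLOWED_ORIGINS and every function name are assumptions, not the product's API.
const ALLOWED_ORIGINS = new Set([
  "https://grafana.plant.example", // constructed sample origins
  "https://reports.plant.example",
]);

// Accept only absolute https URLs whose origin is explicitly allowlisted.
function validateWidgetUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) {
    return { ok: false, reason: "not a string or too long" };
  }
  let url;
  try {
    url = new URL(raw.trim()); // WHATWG parser lowercases the scheme
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    // Rejects javascript:, data:, blob:, file: and plain http:
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    // Blocks look-alikes such as https://trusted.example@other.example/
    return { ok: false, reason: "embedded credentials not allowed" };
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { ok: false, reason: `origin ${url.origin} not on allowlist` };
  }
  return { ok: true, href: url.href };
}

// Escape characters that could break out of a double-quoted HTML attribute.
function escapeAttr(s) {
  const map = { "&": "&amp;", '"': "&quot;", "<": "&lt;", ">": "&gt;" };
  return s.replace(/[&"<>]/g, (c) => map[c]);
}

// Render the widget only for a validated URL. The sandbox omits
// allow-same-origin and allow-top-navigation, so framed content runs in an
// opaque origin and cannot redirect the dashboard itself.
function renderWidget(raw) {
  const v = validateWidgetUrl(raw);
  if (!v.ok) return null;
  return `<iframe src="${escapeAttr(v.href)}" sandbox="allow-scripts" ` +
         `referrerpolicy="no-referrer"></iframe>`;
}
```

Running the same check when a dashboard is rendered, not only when it is saved, also covers widgets stored before the check existed.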

Key dates

02 Disclosure timeline

June 12, 2025 CVE published
June 12, 2025 Record updated