CVE-2025-49193 MEDIUM

CVE-2025-49193: Missing HTTP Security Headers

Vendor Sick Ag
Product Field Analytics
Weakness CWE-693
Published June 12, 2025
Last update May 13, 2026

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

Key dates

02Disclosure timeline

June 12, 2025 CVE published
May 13, 2026 Record updated