CVE-2025-49200 MEDIUM

CVE-2025-49200: Unencrypted backup contains sensitive information

Vendor Sick Ag

Product SICK Field Analytics

Weakness CWE-200 · Info exposure

Published June 12, 2025

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.

Key dates

02Disclosure timeline

June 12, 2025 CVE published

June 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-49200 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-33933 Apache Traffic Server: s3_auth plugin problem with hash calculation CVE-2026-44409 Information disclosure vulnerability in ZTE MU5250 CVE-2025-9808 The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure CVE-2025-15103 DVP-12SE11T - Authentication Bypass via Partial Password Disclosure CVE-2024-13622 File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory