CVE-2025-58580 MEDIUM

CVE-2025-58580: Injection via log file

Vendor Sick Ag
Product Enterprise Analytics
Weakness CWE-117
Published October 6, 2025
Last update October 6, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
October 6, 2025 Record updated