CVE-2025-58584 MEDIUM

CVE-2025-58584: Plain Text Transmission of Username and Password in the URL

Vendor Sick Ag
Product Baggage Analytics
Weakness CWE-598
Published October 6, 2025
Last update May 13, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
May 13, 2026 Record updated