CVE-2025-49181

8.6 HIGH

📋 TL;DR

This vulnerability allows unauthorized users to access sensitive information via HTTP GET requests and modify critical service configurations via HTTP POST requests, potentially causing denial of service. It affects SICK industrial control systems with missing API endpoint authorization. Organizations using affected SICK products are at risk.

💻 Affected Systems

Products:
  • SICK industrial control systems and devices
Versions: Specific versions not detailed in provided references; consult vendor advisory for exact ranges.
Operating Systems: Embedded/industrial OS running SICK software
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the vulnerable API endpoint enabled; default configurations appear vulnerable based on CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through port and log path manipulation, combined with sensitive data exfiltration, leading to operational shutdown and data breach.

🟠 Likely Case

Unauthorized information gathering and service configuration tampering causing intermittent service interruptions.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized API access.

🌐 Internet-Facing: HIGH - Directly exposed endpoints allow remote exploitation without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems can exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger both information disclosure and configuration modification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Review the SICK PSIRT advisory.
2. Download and apply the recommended firmware/software updates.
3. Restart affected services/systems.
4. Verify the fix using the verification steps below.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate affected systems from untrusted networks using firewalls or VLANs.

API Endpoint Restriction (all)

Block access to vulnerable API endpoints using a web application firewall or access control lists.

🧯 If You Can't Patch

  • Implement strict network access controls to limit API endpoint exposure
  • Monitor for unauthorized HTTP GET/POST requests to affected endpoints

🔍 How to Verify

Check if Vulnerable:

Test if unauthorized HTTP GET requests to API endpoints return sensitive data or if POST requests can modify configurations without authentication.

Check Version:

Consult device/system documentation for version checking; typically via web interface or CLI commands specific to SICK products.

Verify Fix Applied:

Verify that API endpoints now require proper authentication and authorization checks.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized HTTP GET/POST requests to API endpoints
  • Unexpected changes to service configuration files

Network Indicators:

  • Unusual HTTP traffic patterns to API endpoints from unauthorized sources

SIEM Query:

source_ip NOT IN authorized_list AND (http_method:GET OR http_method:POST) AND uri_path CONTAINS "/api/"
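The SIEM query above expressed as a stand-alone check over access-log lines, as an added example that is not part of the original advisory. The log format, the constructed sample lines, the authorized network (10.0.5.0/24) and the "/api/" path prefix are all assumptions; POST requests are flagged at higher severity because they can change the service configuration.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample access-log lines (common-log-like format assumed, not SICK's own).
SAMPLE_LOG = """\
10.0.5.20 - - [10/Jun/2025:08:01:02 +0000] "GET /api/status HTTP/1.1" 200 512
192.0.2.77 - - [10/Jun/2025:08:01:09 +0000] "GET /api/config HTTP/1.1" 200 2048
192.0.2.77 - - [10/Jun/2025:08:01:15 +0000] "POST /api/config HTTP/1.1" 200 17
10.0.5.21 - - [10/Jun/2025:08:02:00 +0000] "POST /api/config HTTP/1.1" 200 17
198.51.100.9 - - [10/Jun/2025:08:03:30 +0000] "GET /index.html HTTP/1.1" 200 4096
"""

# Hosts allowed to reach the device API (assumed allow-list for this example).
AUTHORIZED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_authorized(ip: str) -> bool:
    """True if the source address falls inside an authorized network; unparsable IPs count as unauthorized."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in AUTHORIZED_NETS)

def find_unauthorized_api_requests(log_text: str, api_prefix: str = "/api/") -> List[Dict[str, str]]:
    """Mirror the SIEM query: source NOT IN authorized_list AND method GET/POST AND path CONTAINS api_prefix.
    GET hits are tagged info-disclosure (medium); POST hits are tagged config-change (high)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole batch
        ip, method, path = m["ip"], m["method"], m["path"]
        if method not in ("GET", "POST") or api_prefix not in path or is_authorized(ip):
            continue
        hits.append({"ts": m["ts"], "ip": ip, "method": method, "path": path,
                     "kind": "config-change" if method == "POST" else "info-disclosure",
                     "severity": "high" if method == "POST" else "medium"})
    return hits

if __name__ == "__main__":
    for hit in find_unauthorized_api_requests(SAMPLE_LOG):
        print(hit)
```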
