CVE-2025-49185 – This cross-site scripting (XSS) vulnerability a... (How to Fix)

Q: What is the severity of CVE-2025-49185?

CVE-2025-49185 has a CVSS score of 5.5 (MEDIUM). This cross-site scripting (XSS) vulnerability allows attackers who can create dashboard widgets to inject malicious JavaScript into Transform Functions. When the widget receives data from its data source, the injected code executes in users' browsers. This affects web applications using vulnerable dashboard widget systems.

📋 TL;DR

This cross-site scripting (XSS) vulnerability allows attackers who can create dashboard widgets to inject malicious JavaScript into Transform Functions. When the widget receives data from its data source, the injected code executes in users' browsers. This affects web applications using vulnerable dashboard widget systems.

💻 Affected Systems

Products:

SICK web applications with dashboard widget functionality

Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges

Operating Systems: All platforms running vulnerable web applications

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have widget creation permissions; affects systems where dashboard widgets can be created with custom transform functions.

📦 What is this software?

Field Analytics by Sick

View all CVEs affecting Field Analytics →

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deploy ransomware payloads through the web interface.

🟠

Likely Case

Session hijacking, credential theft, or defacement of dashboard interfaces by authenticated malicious users.

🟢

If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access with widget creation privileges; injection is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory SCA-2025-0007 for specific fixed versions

Vendor Advisory: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json

Restart Required: Yes

Instructions:

1. Review SICK advisory SCA-2025-0007. 2. Identify affected products and versions. 3. Apply vendor-provided patches. 4. Restart affected services. 5. Verify fix implementation.

🔧 Temporary Workarounds

Restrict Widget Creation Permissions

all

Limit dashboard widget creation to trusted administrators only

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

Implement strict input validation and output encoding for all widget transform functions
Monitor and audit all widget creation and modification activities

🔍 How to Verify

Check if Vulnerable:

Test if JavaScript can be injected into widget transform functions and executes when data is received

Check Version:

Check web application version against vendor's patched version list

Verify Fix Applied:

Verify patches are applied and test that script injection no longer executes

📡 Detection & Monitoring

Log Indicators:

Unusual widget creation/modification events
JavaScript payloads in transform function parameters

Network Indicators:

Unexpected external script loads from dashboard pages

SIEM Query:

source="web_logs" AND (event="widget_create" OR event="widget_modify") AND (message="*<script>*" OR message="*javascript:*")

📊 Metadata

CVE ID: CVE-2025-49185

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.06% exploit probability (17.3th percentile)

Published: June 12, 2025

Last Updated: January 29, 2026

🔗 References

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF Broken Link
https://sick.com/psirt Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices US Government Resource
https://www.first.org/cvss/calculator/3.1 Not Applicable
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json Vendor Advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-49185, you might also want to check these: