CVE-2025-49190

4.3 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SICK industrial automation products. An endpoint accepts an attacker-supplied target and makes the server issue requests to internal network services, including ports other than the one the endpoint itself listens on, so the server acts as a relay into networks the attacker cannot reach directly. This affects systems running vulnerable SICK software versions.

💻 Affected Systems

Products:
  • SICK industrial automation products (specific models not detailed in provided references)
Versions: Not specified in provided references
Operating Systems: Industrial control system platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects SICK products with vulnerable endpoints exposed. The vulnerability exists in the application layer regardless of underlying OS.

📦 What is this software?

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could access sensitive internal services, potentially leading to data exfiltration, internal network reconnaissance, or chaining with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Attackers could scan internal network services, access metadata services, or interact with internal APIs that weren't intended to be exposed.

🟢 If Mitigated

With proper network segmentation and input validation, the impact is limited to accessing only non-sensitive services within the same security zone.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of vulnerable endpoints and ability to craft SSRF payloads. No public exploit code was found in provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Check SICK PSIRT for the specific advisory.
  2. Apply vendor-provided patches.
  3. Restart affected services.
  4. Verify fix implementation.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected systems from sensitive internal networks using firewalls: give the device an egress allowlist of the peers it actually needs and deny everything else, so a forged request from the device cannot reach other services even while the endpoint stays exposed.

Input Validation (applies to: all)

Implement strict validation on endpoint inputs to reject SSRF payloads: resolve the requested host and reject loopback, link-local (169.254.0.0/16), private and reserved ranges, restrict schemes and ports to what the feature needs, and prefer an allowlist of permitted hosts over a blocklist. On a vendor appliance this is normally only possible at a reverse proxy or WAF placed in front of the device, since the endpoint code itself cannot be changed.

🧯 If You Can't Patch

  • Implement strict network access controls to limit what internal services the vulnerable system can reach (egress filtering at the device's switch port or firewall, not only ingress filtering towards the device)
  • Deploy web application firewall (WAF) rules to detect and block SSRF patterns. Treat this as a detection layer rather than a boundary: simple patterns such as "127.0.0.1" or "169.254.169.254" are bypassed with decimal or hex spellings of the same address (2130706433, 0x7f000001), IPv4-mapped IPv6 (::ffff:127.0.0.1), redirects, or hostnames that resolve to internal addresses
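
The validation described under the Input Validation workaround, including the alternate address spellings that defeat simple WAF patterns, written out as an added example. This is not SICK's code and not taken from the page; the allowed schemes and ports are assumptions, and the DNS resolver is injected so the checks run offline against canned answers.

```python
"""Target-URL validation for an endpoint that fetches on the caller's behalf.

Added example, not SICK's code: it shows the checks a reverse proxy in front
of the device (or the application itself) would apply before relaying a
request. Allowed schemes/ports and the resolver are assumptions; the resolver
is injected so the module runs offline.
"""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}   # assumption: the only ports a legitimate target uses

_LEGACY_IPV4 = re.compile(r"[0-9a-fA-FxX.]+")


def _parse_legacy_ipv4(host):
    """Parse the inet_aton() spellings that libcurl and browsers accept but
    ipaddress.ip_address() rejects: '2130706433', '0x7f000001', '0177.0.0.1',
    '127.1'.  Returns an IPv4Address, or None if `host` is not such a form."""
    if not _LEGACY_IPV4.fullmatch(host):
        return None
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if part.lower().startswith("0x"):
            base = 16
        elif len(part) > 1 and part.startswith("0"):
            base = 8
        else:
            base = 10
        try:
            values.append(int(part, base))
        except ValueError:
            return None
    *octets, last = values          # all but the last part are single octets
    if any(not 0 <= o <= 255 for o in octets):
        return None
    if not 0 <= last < 1 << (8 * (4 - len(octets))):   # last part fills the rest
        return None
    number = sum(o << (24 - 8 * i) for i, o in enumerate(octets)) + last
    return ipaddress.IPv4Address(number)


def _is_internal(ip):
    """True for any address a server-side fetch must never be allowed to reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                       # ::ffff:127.0.0.1 -> 127.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(hostname):
    """Resolver for real use (not exercised offline)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def check_target(url, resolve=system_resolver):
    """Return (allowed, reason) for a caller-supplied target URL.

    The caller must connect to the address this function validated (pin it);
    re-resolving the name at connect time reopens the DNS-rebinding window.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    # Literal addresses are checked without touching DNS: canonical form first,
    # then the legacy inet_aton spellings WAF patterns usually miss.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        legacy = _parse_legacy_ipv4(host)
        if legacy is not None:
            addrs = [legacy]
        else:
            try:
                addrs = [ipaddress.ip_address(a) for a in resolve(host)]
            except (OSError, ValueError):
                return False, f"cannot resolve {host!r}"
            if not addrs:
                return False, f"{host!r} has no addresses"
    # Every address the name maps to must be public; one internal A/AAAA record
    # is enough for the client to land on it.
    for ip in addrs:
        if _is_internal(ip):
            return False, f"{host!r} maps to non-public address {ip}"
    return True, "ok"
```

Two design points matter in practice: the fetch that follows must use the address that was validated rather than resolving the name again (otherwise a short-TTL record can be swapped for 127.0.0.1 between check and use), and redirects returned by the target must be re-validated with the same function before being followed. This check complements egress filtering; it does not replace it.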

🔍 How to Verify

Check if Vulnerable:

On a test device (never a production controller), submit URLs that point at internal targets (e.g., http://127.0.0.1:8080, http://169.254.169.254) to the endpoint and compare the response status, body size and timing against a control target that nothing answers on, such as a closed loopback port. A reply that changes with the internal target shows the device is issuing the request on your behalf, even when the fetched content itself is not echoed back.

Check Version:

Check product firmware/software version via device interface or vendor tools

Verify Fix Applied:

Retest SSRF payloads after patch application; successful requests to internal services should be blocked
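
The differential check from "Check if Vulnerable" and the retest from "Verify Fix Applied" as one harness, added here as an example; it is not SICK's code and not exploit code for this CVE. The page does not name the vulnerable endpoint, so the endpoint URL and parameter name given to make_http_sender() are placeholders to be filled in from the vendor advisory, and the HTTP transport is injected so the decision logic can be exercised offline and re-run unchanged after patching.

```python
"""Differential test for a URL-relaying endpoint: does the reply change when the
target is an internal host?

Added example, not SICK's code. The endpoint and parameter name passed to
make_http_sender() are placeholders; run only against a lab device. The
transport is injected so the verdict logic runs offline against canned replies.
"""
import time
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass


@dataclass
class Reply:
    status: int      # HTTP status from the endpoint, 0 when nothing came back
    body_len: int
    elapsed: float   # seconds


# Control: a loopback port nothing listens on. The other probes are the internal
# targets from the "How to Verify" section plus a decimal spelling of loopback,
# which naive filters miss.
CONTROL_TARGET = "http://127.0.0.1:1/"
PROBE_TARGETS = {
    "loopback-8080": "http://127.0.0.1:8080/",
    "link-local-metadata": "http://169.254.169.254/",
    "decimal-loopback-8080": "http://2130706433:8080/",
}


def run_probes(send, targets=PROBE_TARGETS, size_delta=64, time_delta=2.0):
    """Relay each target through the endpoint and compare with the control.

    `send(target_url) -> Reply`. Returns {name: "differs" | "same"}.
    "differs" means the endpoint's reply depended on the internal target, i.e.
    the device made (or tried to make) the request on our behalf. It does not
    by itself show that fetched content is echoed back to the caller.
    """
    baseline = send(CONTROL_TARGET)
    verdicts = {}
    for name, target in targets.items():
        r = send(target)
        differs = (r.status != baseline.status
                   or abs(r.body_len - baseline.body_len) > size_delta
                   or abs(r.elapsed - baseline.elapsed) > time_delta)
        verdicts[name] = "differs" if differs else "same"
    return verdicts


def looks_vulnerable(verdicts):
    """One differing probe is enough to warrant a manual look."""
    return any(v == "differs" for v in verdicts.values())


def make_http_sender(endpoint, param, timeout=5.0):
    """Build a real sender, e.g. endpoint="https://device.example/api/fetch",
    param="url" (both hypothetical). Closed ports usually answer fast with an
    error while filtered hosts time out, hence the timing comparison."""
    def send(target):
        url = f"{endpoint}?{urllib.parse.urlencode({param: target})}"
        started = time.monotonic()
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status, body = resp.status, resp.read()
        except urllib.error.HTTPError as err:   # 4xx/5xx still carry a body
            status, body = err.code, err.read()
        except (urllib.error.URLError, TimeoutError):
            status, body = 0, b""
        return Reply(status, len(body), time.monotonic() - started)
    return send
```

For a live run: `verdicts = run_probes(make_http_sender("https://device.example/api/fetch", "url"))` before patching, then the same call after the vendor fix; a patched endpoint should return "same" for every probe, which is the "successful requests to internal services should be blocked" condition above expressed as a repeatable test.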

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from server to internal IPs
  • Requests to metadata services (169.254.169.254)
  • Multiple failed connection attempts to various internal ports

Network Indicators:

  • Server making unexpected connections to internal services
  • Traffic patterns showing port scanning from server

SIEM Query:

source_ip=[server_ip] AND protocol=HTTP AND (dest_ip=169.254.169.254 OR dest_ip IN (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)) AND NOT dest_ip IN [known_peer_ips]

Filter on the device's expected peers rather than on a port clause such as dest_port>1024: ephemeral-port matches cover almost all ordinary client traffic and bury the signal. Raise a separate alert when one source_ip reaches more than a handful of distinct dest_port values on one dest_ip within a few minutes, which is the port-sweep pattern listed above; denied connection attempts count, since the relaying server keeps trying closed ports.
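
The log and network indicators above run over flow-style firewall log lines, added here as an example; it is not from the page or from SICK. The log format, the device address in MONITORED, the KNOWN_PEERS allowlist and the sample lines are constructed assumptions; the regex has to be adapted to whatever export your firewall or SIEM actually produces.

```python
"""Detection over constructed flow-style firewall logs for the indicators above:
metadata-service requests, connections from the device to internal hosts outside
its known peer set, and a port sweep against one host.

Added example, not SICK's code. Log format, MONITORED, KNOWN_PEERS and the
sample lines are constructed assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)$")

MONITORED = {"10.20.30.40"}   # assumption: the SICK device's address
KNOWN_PEERS = {"10.20.30.1"}  # assumption: hosts it legitimately talks to
METADATA = ipaddress.ip_address("169.254.169.254")
SWEEP_PORTS = 5               # distinct ports to one host ...
SWEEP_WINDOW = 60.0           # ... within this many seconds

# Constructed sample: a normal session to the known peer, one metadata hit, a
# five-port sweep of 10.20.30.50, and unrelated traffic from another host.
SAMPLE_LOG = """\
2025-06-10T12:00:01Z src=10.20.30.40 dst=10.20.30.1 dport=502 proto=tcp action=allow
2025-06-10T12:00:05Z src=10.20.30.40 dst=169.254.169.254 dport=80 proto=tcp action=deny
2025-06-10T12:00:06Z src=10.20.30.40 dst=10.20.30.50 dport=22 proto=tcp action=deny
2025-06-10T12:00:07Z src=10.20.30.40 dst=10.20.30.50 dport=80 proto=tcp action=allow
2025-06-10T12:00:08Z src=10.20.30.40 dst=10.20.30.50 dport=443 proto=tcp action=deny
2025-06-10T12:00:09Z src=10.20.30.40 dst=10.20.30.50 dport=8080 proto=tcp action=deny
2025-06-10T12:00:10Z src=10.20.30.40 dst=10.20.30.50 dport=9200 proto=tcp action=deny
2025-06-10T12:01:00Z src=10.20.30.41 dst=93.184.216.34 dport=443 proto=tcp action=allow
"""


def _is_internal(ip):
    """Loopback, link-local, private, reserved: anything that is not a public peer."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def parse_log(text):
    """Return one dict per parseable line; unknown lines are skipped (assumption)."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "ts": datetime.fromisoformat(d["ts"].replace("Z", "+00:00")),
            "src": ipaddress.ip_address(d["src"]),
            "dst": ipaddress.ip_address(d["dst"]),
            "dport": int(d["dport"]),
            "action": d["action"],
        })
    return records


def detect(records):
    """Return one alert per (rule, src, dst), counting how many lines matched."""
    alerts = {}

    def hit(rule, r, detail):
        key = (rule, str(r["src"]), str(r["dst"]))
        if key not in alerts:
            alerts[key] = {"rule": rule, "src": key[1], "dst": key[2],
                           "first_seen": r["ts"].isoformat(),
                           "detail": detail, "count": 0}
        alerts[key]["count"] += 1

    by_pair = defaultdict(list)
    for r in records:
        if str(r["src"]) not in MONITORED:
            continue
        if r["dst"] == METADATA:
            hit("metadata-service", r, "request to 169.254.169.254")
        elif _is_internal(r["dst"]) and str(r["dst"]) not in KNOWN_PEERS:
            hit("unexpected-internal-peer", r, f"port {r['dport']}")
        by_pair[(r["src"], r["dst"])].append(r)

    # Port sweep: >= SWEEP_PORTS distinct ports to one host inside SWEEP_WINDOW.
    # Denied attempts count too; the relaying server keeps trying closed ports.
    for rs in by_pair.values():
        rs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(rs):
            ports = {r["dport"] for r in rs[i:]
                     if (r["ts"] - first["ts"]).total_seconds() <= SWEEP_WINDOW}
            if len(ports) >= SWEEP_PORTS:
                hit("port-sweep", first, f"{len(ports)} ports in {SWEEP_WINDOW:.0f}s")
                break
    return sorted(alerts.values(), key=lambda a: (a["first_seen"], a["rule"]))
```

On the sample this yields three alerts: one metadata-service hit, one unexpected-internal-peer alert for 10.20.30.50 covering the five attempts, and one port-sweep alert for the same host; the known-peer session and the traffic from the unmonitored host produce nothing. Tuning consists almost entirely of getting KNOWN_PEERS right for the device, which is the same allowlist the egress firewall rule above needs.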
