CVE-2025-13483

Summary

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

Affected Software

VendorProductVersion RangeStatus
SiRcomSMART Alert (SiSA3.0.48affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

SiRcom did not respond to CISA's request for coordination. Contact SiRcom using their contact page at  https://sircom.org/contact/  for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References