CVE-2025-49181

Summary

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK Media Serverall versionsaffected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

It is possible to enable the authorization of the API endpoint via licence. Please contact your support to get a licence with API authorization enabled.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References