CVE-2025-9913

Summary

JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.

Affected Software

VendorProductVersion RangeStatus
SICK AGBaggage Analytics0 < 4.6.3affected
SICK AGTire Analytics0 < 4.6.3affected
SICK AGPackage Analytics0 < 4.6.3affected
SICK AGLogistic Diagnostic Analytics0 < 4.6.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References