What is CVE-2025-49181?

CVE-2025-49181 is a high-severity vulnerability in Sick Media_server, classified under Missing Authorization. CVSS score: 8.6/10. Published 2025-06-12.

How severe is CVE-2025-49181?

High severity. CVSS v3 base score is 8.6 out of 10.

Auth bypass in Sick Media_server

CVE-2025-49181

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the…

Vulnerability class: Broken Access Control

EPSS: 0.003 (25.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.

Affected products

Sick Media_server
Sick Ag Media Server — versions all versions

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

psirt@sick.de (Vendor Advisory, x_SICK PSIRT Website)
psirt@sick.de (x_SICK Operating Guidelines, Broken Link)
psirt@sick.de (US Government Resource, x_ICS-CERT recommended practices on Industrial Security)
psirt@sick.de (x_CVSS v3.1 Calculator, Not Applicable)
psirt@sick.de (vendor-advisory, Vendor Advisory)
psirt@sick.de (vendor-advisory, x_csaf, Vendor Advisory)

Frequently asked questions

What is CVE-2025-49181?: CVE-2025-49181 is a high-severity vulnerability in Sick Media_server, classified under Missing Authorization. CVSS score: 8.6/10. Published 2025-06-12.
How severe is CVE-2025-49181?: High severity. CVSS v3 base score is 8.6 out of 10.