What is CVE-2025-49189?

CVE-2025-49189 is a medium-severity vulnerability in Sick Ag Media Server, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 5.3/10. Published 2025-06-12.

How severe is CVE-2025-49189?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Sick Ag Media Server

CVE-2025-49189

The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which tar…

EPSS: 0.002 (48.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Sick Ag Media Server — versions 0

Weakness classification (CWE)

CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag

References

sick.com/psirt (x_SICK PSIRT Website)
cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_I… (x_SICK Operating Guidelines)
www.cisa.gov/resources-tools/resources/ics-recommended-practices (x_ICS-CERT recommended practices on Industrial Security)
www.first.org/cvss/calculator/3.1 (x_CVSS v3.1 Calculator)
www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf (vendor-advisory)
www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json (vendor-advisory, x_csaf)

Frequently asked questions

What is CVE-2025-49189?: CVE-2025-49189 is a medium-severity vulnerability in Sick Ag Media Server, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 5.3/10. Published 2025-06-12.
How severe is CVE-2025-49189?: Medium severity. CVSS v3 base score is 5.3 out of 10.