What is CVE-2025-49191?

CVE-2025-49191 is a medium-severity vulnerability in Sick Field_analytics, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.8/10. Published 2025-06-12.

How severe is CVE-2025-49191?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Vulnerability in Sick Field_analytics

CVE-2025-49191

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The…

EPSS: 0.003 (20.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Sick Field_analytics
Sick Ag Field Analytics — versions all versions

Weakness classification (CWE)

CWE-1021 — Improper Restriction of Rendered UI Layers or Frames (Clickjacking)

References

psirt@sick.de (Vendor Advisory, x_SICK PSIRT Website)
psirt@sick.de (x_SICK Operating Guidelines, Broken Link)
psirt@sick.de (US Government Resource, x_ICS-CERT recommended practices on Industrial Security)
psirt@sick.de (x_CVSS v3.1 Calculator, Not Applicable)
psirt@sick.de (vendor-advisory, Vendor Advisory)
psirt@sick.de (vendor-advisory, x_csaf, Vendor Advisory)

Frequently asked questions

What is CVE-2025-49191?: CVE-2025-49191 is a medium-severity vulnerability in Sick Field_analytics, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.8/10. Published 2025-06-12.
How severe is CVE-2025-49191?: Medium severity. CVSS v3 base score is 4.8 out of 10.