CVE-2025-49182 PUBLISHED

Credential disclosure

Assigner: SICK AG
Reserved: 03.06.2025 Published: 12.06.2025 Updated: 16.06.2025

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SICK AG
Product	SICK Media Server
Versions	Default: unaffected affected from 0 to 1.5 (excl.)

Solutions

Users are strongly recommended to upgrade to the latest release of Media Server (>= 1.5). It is also advised to change the default passwords.

References

https://sick.com/psirt
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json

Problem Types

CWE-540 Inclusion of Sensitive Information in Source Code CWE