CVE-2025-27455

MEDIUM

Web Application - CSRF

Title source: llm

Description

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.

References (6)

[Product] https://www.endress.com

[Vendor Advisory] https://sick.com/psirt

[US Government Resource] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

[Not Applicable] https://www.first.org/cvss/calculator/3.1

[Vendor Advisory] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

[Vendor Advisory] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Scores

CVSS v3 4.3

EPSS 0.0023

EPSS Percentile 45.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (1)

endress/meac300-fnade4_firmware < 0.16.0

Published Jul 03, 2025

Tracked Since Feb 18, 2026