CVE-2025-49183
HIGHSICK media_server - Cleartext Transmission of Sensitive Information via REST API
Title source: llmDescription
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
References (6)
Core 6
Core References
Vendor Advisory x_sick psirt website
https://sick.com/psirt
Broken Link x_sick operating guidelines
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
US Government Resource x_ics-cert recommended practices on industrial security
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Not Applicable x_cvss v3.1 calculator
https://www.first.org/cvss/calculator/3.1
Vendor Advisory vendor-advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf
Vendor Advisory vendor-advisory
x_csaf
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json
Scores
CVSS v3
7.5
EPSS
0.0026
EPSS Percentile
17.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (1)
sick/media_server
Published
Jun 12, 2025
Tracked Since
Feb 18, 2026