CVE-2025-58589

Information Disclosure Through Stacktrace

CVSS 2.7 LOWEPSS 0.3%CWE-200

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 2.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

06 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected products

SICK AG · Baggage Analytics SICK AG · Logistic Diagnostic Analytics SICK AG · Package Analytics SICK AG · Tire Analytics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf