CVE-2025-9914
CVE-2025-9914
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
06 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SICK AG · Baggage AnalyticsSICK AG · Logistic Diagnostic AnalyticsSICK AG · Package AnalyticsSICK AG · Tire AnalyticsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdfhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf