Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49191

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Published

2025-06-12T14:15:31.690

Last Modified

2025-06-12T16:06:20.180

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1021

Affected Vendors & Products

References

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF ([email protected])
https://sick.com/psirt ([email protected])
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices ([email protected])
https://www.first.org/cvss/calculator/3.1 ([email protected])
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json ([email protected])
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf ([email protected])