What is the CVSS score of CVE-2025-49181?

CVE-2025-49181 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H. EPSS exploitation probability: 0.2%.

Which versions of Media Server are affected by CVE-2025-49181?

An unauthenticated API vulnerability (CVE-2025-49181) allows attackers to access sensitive information and disrupt service availability by modifying critical configuration parameters.

How to fix or mitigate CVE-2025-49181?

Within 24 hours: Identify all systems running the affected service and restrict network access to the API endpoint using firewall rules. Within 7 days: Implement Web Application Firewall (WAF) rules to block unauthorized API requests and deploy network segmentation to limit exposure. Within 30 days: Monitor vendor communication for patch availability and establish a deployment timeline; conduct a security audit to identify any unauthorized access that may have occurred.

Media Server CVE-2025-49181

EUVD-2025-18173 HIGH

Missing Authorization (CWE-862)

2025-06-12 psirt@sick.de

Denial Of Service Authentication Bypass Information Disclosure Media Server

8.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.6 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18173

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

CVE Published

Jun 12, 2025 - 14:15 nvd

HIGH 8.6

DescriptionCVE.org

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

AnalysisAI

CVE-2025-49181 is an authorization bypass vulnerability in an unspecified API endpoint that allows unauthenticated remote attackers to read sensitive information via HTTP GET requests and modify service configuration (log paths, TCP ports) via HTTP POST requests, potentially causing denial of service. With a CVSS score of 8.6 and network-accessible attack vector requiring no authentication, this vulnerability presents a significant risk to exposed instances; KEV/EPSS/POC status cannot be confirmed from provided data, warranting immediate investigation of affected infrastructure.

Technical ContextAI

This vulnerability stems from CWE-862 (Missing Authorization), a common flaw where API endpoints lack proper authentication and authorization controls. The affected service exposes HTTP REST/API endpoints that process both read operations (GET requests returning sensitive data such as configuration, logs, or system information) and write operations (POST requests modifying runtime configuration including log file paths and listening TCP ports). The root cause is the absence of authorization checks before processing these requests, allowing any network-accessible client to interact with the API regardless of authentication status. This is particularly dangerous in microservices architectures and cloud deployments where services may be inadvertently exposed or accessible from untrusted networks. Without specific CPE data provided in the vulnerability description, the affected product cannot be precisely identified, though the nature of the vulnerability (API endpoint, logging configuration, port binding) suggests this may affect application servers, monitoring tools, or infrastructure management services.

RemediationAI

Immediate steps: (1) PATCH: Apply vendor security updates when available; consult vendor advisories for specific version numbers and update procedures; (2) RESTRICT ACCESS: Implement network-level access controls (firewalls, WAF, NACLs) to limit API endpoint exposure to trusted networks/IP ranges only; (3) AUTHENTICATION: If a patch is unavailable, enforce API authentication via API keys, OAuth2, or mutual TLS at the reverse proxy/load balancer layer; (4) AUTHORIZATION: Implement role-based access control (RBAC) on all API operations, validating user permissions before processing GET/POST requests; (5) AUDIT: Enable detailed API request logging to detect exploitation attempts; (6) MONITOR: Set alerts on configuration changes (port modifications, log path changes) to detect active exploitation. Workaround: Place the service behind an authenticated API gateway or reverse proxy that enforces authentication on all requests before forwarding to the vulnerable service.

CVE-2025-49181 vulnerability details – vuln.today

Back