What is the CVSS score of CVE-2025-49184?

CVE-2025-49184 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.2%.

Which versions of Field Analytics are affected by CVE-2025-49184?

An unpatched vulnerability in our application allows unauthenticated attackers to access sensitive configuration information without proper authorization checks.

How to fix or mitigate CVE-2025-49184?

Within 24 hours: Inventory all instances of the affected product in production and development environments; confirm exposure status by testing access to configuration endpoints without authentication. Within 7 days: Implement compensating controls (WAF rules, network segmentation, or API authentication enforcement); document the vulnerability in your risk register and establish communication with the vendor for patch timeline. Within 30 days: Conduct a security assessment to identify what sensitive information may have been exposed; develop a remediation plan based on patch availability; consider temporary feature disablement if exposure is critical.

Field Analytics CVE-2025-49184

EUVD-2025-18187 HIGH

Information Exposure (CWE-200)

2025-06-12 psirt@sick.de

Information Disclosure Authentication Bypass Field Analytics Baggage Analytics Package Analytics Enterprise Analytics Logistic Diagnostic Analytics Tire Analytics

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18187

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

CVE Published

Jun 12, 2025 - 14:15 nvd

HIGH 7.5

DescriptionCVE.org

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

AnalysisAI

A information disclosure vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-200 (Information Exposure). CVSS 7.5 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-49184 vulnerability details – vuln.today

Back

Field Analytics CVE-2025-49184

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code