CVE-2025-49191

| EUVD-2025-18182 MEDIUM
2025-06-12 [email protected]
4.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 21:20 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:20 euvd
EUVD-2025-18182
CVE Published
Jun 12, 2025 - 14:15 nvd
MEDIUM 4.8

Tags

RCE XSS Field Analytics

Description

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Analysis

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Technical Context

This vulnerability is classified as Improper Restriction of Rendered UI Layers or Frames (CWE-1021).

Affected Products

Affected products: Sick Field Analytics

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

24
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +24
POC: 0

Share

CVE-2025-49191 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy