Skip to main content

Media Server CVE-2025-49192

| EUVD-2025-18191 MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2025-06-12 psirt@sick.de
XSS Media Server Field Analytics
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
1.5
EUVD ID Assigned
Mar 14, 2026 - 21:20 euvd
EUVD-2025-18191
Analysis Generated
Mar 14, 2026 - 21:20 vuln.today
CVE Published
Jun 12, 2025 - 15:15 nvd
MEDIUM 4.3

DescriptionCVE.org

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.

Analysis

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.

Technical ContextAI

This vulnerability is classified as Improper Restriction of Rendered UI Layers or Frames (CWE-1021).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Share

CVE-2025-49192 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy