What is the CVSS score of CVE-2025-49193?

CVE-2025-49193 has a CVSS 3.1 base score of 4.2 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Baggage Analytics are affected by CVE-2025-49193?

CVE-2025-49193 presents moderate security risk, a protection bypass vulnerability rated CVSS 4.2. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-49193?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Baggage Analytics CVE-2025-49193

EUVD-2025-18192 MEDIUM

Protection Mechanism Failure (CWE-693)

2025-06-12 psirt@sick.de

XSS Baggage Analytics Package Analytics Field Analytics Logistic Diagnostic Analytics Media Server Tire Analytics

4.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.2 MEDIUM

AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.5

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18192

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

CVE Published

Jun 12, 2025 - 15:15 nvd

MEDIUM 4.2

DescriptionCVE.org

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

Analysis

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding. This vulnerability is classified as Protection Mechanism Failure (CWE-693).

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

CVE-2025-49193 vulnerability details – vuln.today

Back