What is the CVSS score of CVE-2025-49199?

CVE-2025-49199 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Field Analytics are affected by CVE-2025-49199?

An attacker can intercept and modify application backups to disable critical services or redirect internal traffic to malicious endpoints, rendering the application unusable and exposing sensitive…

How to fix or mitigate CVE-2025-49199?

Within 24 hours: disable or restrict access to backup download/upload functionality if operationally feasible, and audit recent backup activity for unauthorized modifications. Within 7 days: implement compensating controls including network segmentation to limit backup access and deploy monitoring for anomalous service configurations. Within 30 days: establish a formal vulnerability tracking plan with the vendor, implement cryptographic signing verification for backups in a workaround solution if available, and conduct a full impact assessment of backup integrity.

Field Analytics CVE-2025-49199

EUVD-2025-18177 HIGH

Insufficient Verification of Data Authenticity (CWE-345)

2025-06-12 psirt@sick.de

Information Disclosure Authentication Bypass Denial Of Service Field Analytics

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18177

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

CVE Published

Jun 12, 2025 - 15:15 nvd

HIGH 8.8

DescriptionCVE.org

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

AnalysisAI

CVE-2025-49199 is a security vulnerability (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.8 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-49199 vulnerability details – vuln.today

Back

Field Analytics CVE-2025-49199

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code