CVE-2025-59461
Published: 27 October 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-59461 is a vulnerability (CWE-862: Missing Authorization) in an unauthenticated C++ API that affects products from SICK, as detailed in their advisories. Published on 2025-10-27, it has a CVSS v3.1 base score of 7.6 (High), with vector AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H, indicating adjacent network access with low attack complexity, no privileges or user interaction required, low confidentiality and integrity impact, and high availability impact. A remote unauthenticated attacker can exploit this to access or modify sensitive data and disrupt services.
The attack requires adjacency to the affected network (AV:A): an unauthenticated attacker positioned on an adjacent network segment can target the API directly with low complexity. Successful exploitation enables limited access to or modification of sensitive data (C:L/I:L), alongside high disruption to service availability (A:H), such as denial-of-service conditions.
Mitigation details are available in SICK's PSIRT advisory at https://sick.com/psirt and the associated CSAF provider document (sca-2025-0013) in JSON and PDF formats at https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json and https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf. Additional ICS security practices are referenced via CISA at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices.
Details
CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An unauthenticated API with missing authorization (AV:A/PR:N) lets an attacker on an adjacent network exploit the service for limited data access or modification (C:L/I:L), mapping to T1210 (Exploitation of Remote Services), and for high-impact service disruption or denial of service (A:H), mapping to T1499.004 (Endpoint Denial of Service: Application or System Exploitation).