CVE-2025-49187— User enumeration

CVSS 5.3 · Medium EPSS 0.38% · P60 Updated Jun 12, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-49187

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

User enumeration

Source: NVD (National Vulnerability Database)

Vulnerability Description

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

响应差异性信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

SICK Field Analytics和SICK Media Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SICK Field Analytics和SICK Media Server都是德国SICK公司的产品。SICK Field Analytics是一款用于评估制造数据的软件。SICK Media Server是一款媒体服务器。 SICK Field Analytics 和SICK Media Server存在安全漏洞，该漏洞源于登录失败时返回不同错误消息，可能导致用户名枚举攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SICK AG	SICK Field Analytics	all versions	-

II. Public POCs for CVE-2025-49187

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-49187

请登录查看更多情报信息。

Same Patch Batch · SICK AG · 2025-06-12 · 20 CVEs total

CVE-2025-49199	8.8 HIGH	Backup files can be modified and uploaded
CVE-2025-49181	8.6 HIGH	Configurations endpoint does not require authorization
CVE-2025-49182	7.5 HIGH	Credential disclosure
CVE-2025-49183	7.5 HIGH	Unencrypted communication (HTTP)
CVE-2025-49194	7.5 HIGH	Unencrypted communication
CVE-2025-49184	7.5 HIGH	Information disclosure to unauthorized user
CVE-2025-49197	6.5 MEDIUM	Deprecated TLS version supported
CVE-2025-49200	6.5 MEDIUM	Unencrypted backup contains sensitive information
CVE-2025-49196	6.5 MEDIUM	Deprecated TLS version supported
CVE-2025-49185	5.5 MEDIUM	Stored Cross-Site-Script
CVE-2025-49189	5.3 MEDIUM	Cookie missing HttpOnly flag
CVE-2025-49188	5.3 MEDIUM	Sensitive Data in URL
CVE-2025-49186	5.3 MEDIUM	No brute-force protection
CVE-2025-49195	5.3 MEDIUM	No protection against brute-force attacks
CVE-2025-49191	4.8 MEDIUM	Dashboards and iFrames can link malicious web content
CVE-2025-49192	4.3 MEDIUM	Clickjacking
CVE-2025-49190	4.3 MEDIUM	Server-Side Request Forgery
CVE-2025-49193	4.2 MEDIUM	Missing HTTP Security Headers
CVE-2025-49198	3.1 LOW	Poor quality of randomness in authorization tokens

IV. Related Vulnerabilities

Same product: SICK Field Analytics

Same vendor: SICK AG

Same weakness: CWE-204

V. Comments for CVE-2025-49187

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-49187— User enumeration

I. Basic Information for CVE-2025-49187

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-49187

III. Intelligence Information for CVE-2025-49187

Same Patch Batch · SICK AG · 2025-06-12 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-49187

Leave a comment