CVE-2025-49200— Unencrypted backup contains sensitive information

CVSS 6.5 · Medium EPSS 0.30% · P54 Updated Jul 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-49200

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Unencrypted backup contains sensitive information

Source: NVD (National Vulnerability Database)

Vulnerability Description

The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

SICK Field Analytics和SICK Media Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SICK Field Analytics和SICK Media Server都是德国SICK公司的产品。SICK Field Analytics是一款用于评估制造数据的软件。SICK Media Server是一款媒体服务器。 SICK Field Analytics和SICK Media Server存在安全漏洞，该漏洞源于备份文件未加密，可能导致敏感信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SICK AG	SICK Field Analytics	all versions	-

II. Public POCs for CVE-2025-49200

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-49200

请登录查看更多情报信息。

Same Patch Batch · SICK AG · 2025-06-12 · 20 CVEs total

CVE-2025-49199	8.8 HIGH	Backup files can be modified and uploaded
CVE-2025-49181	8.6 HIGH	Configurations endpoint does not require authorization
CVE-2025-49194	7.5 HIGH	Unencrypted communication
CVE-2025-49182	7.5 HIGH	Credential disclosure
CVE-2025-49183	7.5 HIGH	Unencrypted communication (HTTP)
CVE-2025-49184	7.5 HIGH	Information disclosure to unauthorized user
CVE-2025-49197	6.5 MEDIUM	Deprecated TLS version supported
CVE-2025-49196	6.5 MEDIUM	Deprecated TLS version supported
CVE-2025-49185	5.5 MEDIUM	Stored Cross-Site-Script
CVE-2025-49195	5.3 MEDIUM	No protection against brute-force attacks
CVE-2025-49189	5.3 MEDIUM	Cookie missing HttpOnly flag
CVE-2025-49188	5.3 MEDIUM	Sensitive Data in URL
CVE-2025-49187	5.3 MEDIUM	User enumeration
CVE-2025-49186	5.3 MEDIUM	No brute-force protection
CVE-2025-49191	4.8 MEDIUM	Dashboards and iFrames can link malicious web content
CVE-2025-49190	4.3 MEDIUM	Server-Side Request Forgery
CVE-2025-49192	4.3 MEDIUM	Clickjacking
CVE-2025-49193	4.2 MEDIUM	Missing HTTP Security Headers
CVE-2025-49198	3.1 LOW	Poor quality of randomness in authorization tokens

IV. Related Vulnerabilities

Same product: SICK Field Analytics

Same vendor: SICK AG

Same weakness: CWE-200

V. Comments for CVE-2025-49200

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-49200— Unencrypted backup contains sensitive information

I. Basic Information for CVE-2025-49200

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-49200

III. Intelligence Information for CVE-2025-49200

Same Patch Batch · SICK AG · 2025-06-12 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-49200

Leave a comment