CVE-2025-13483
published 2025-11-25


Priority P260 · high · 8.8 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.31% (22.3th percentile)
SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

Affected

1 range
Vendor | Product | Version range | Fixed in
sircom | smart_alert_sisa | |

Detection & IOCs (extracted from sources)

  • Unauthenticated access to backend APIs is possible without valid credentials; monitor for requests to restricted API endpoints originating from unauthenticated sessions (no valid session token/cookie present).
  • Alert on any network-originated (AV:N) unauthenticated requests that successfully reach backend API functions on SiSA Version 3.0.48, particularly those capable of activating or manipulating emergency sirens.
  • Only version 3.0.48 of SiRcom SMART Alert (SiSA) is confirmed affected; scope detection rules accordingly.
  • No patch is available at time of publication; SiRcom did not respond to CISA coordination. Mitigation relies on network segmentation and restricting internet exposure.
  • No known public exploitation has been reported at time of publication, but the vulnerability is remotely exploitable with low attack complexity and no authentication required.