CVE-2025-49151
published 2025-06-25CVE-2025-49151: The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
PriorityP262critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.54%
41.1th percentile
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsens | nmp_web | <= Version 3.2.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-49151 exploits a hard-coded, security-relevant constant (CWE-547) in MICROSENS NMP Web+ to forge JWT tokens and bypass authentication; detect unauthenticated requests bearing JWT tokens to NMP Web+ endpoints, especially from unexpected sources ↗
- →NMP Web+ versions 3.2.5 and prior are vulnerable; flag any NMP Web+ instance not yet updated to 3.3.0 as at-risk for forged JWT authentication bypass ↗
- →The vulnerability is remotely exploitable with no authentication and low attack complexity (CVSS v4 9.3, AV:N/AC:L/AT:N/PR:N/UI:N); prioritize network-level monitoring for unauthenticated access attempts to NMP Web+ management interfaces ↗
- ·The hard-coded JWT secret is embedded in the product itself (CWE-547); any JWT signed with this static secret should be treated as potentially forged until the device is patched to version 3.3.0 ↗
- ·A related vulnerability (CVE-2025-49152) means JWTs issued by NMP Web+ 3.2.5 and prior do not expire, compounding the risk — even revoked sessions may remain valid ↗
- ·A chained path traversal vulnerability (CVE-2025-49153) allows an unauthenticated attacker who has forged a JWT to overwrite files and execute arbitrary code, making CVE-2025-49151 a critical first step in a full RCE chain ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
MICROSENS NMP Web+
cisa_ics·2025-06-24·CVSS 9.3
[CRITICAL] MICROSENS NMP Web+
ICS Advisory
##
MICROSENS NMP Web+
Release DateJune 24, 2025
Alert CodeICSA-25-175-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: MICROSENS
- Equipment: NMP Web+
- Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain system access, overwrite files or execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of NMP Web+ are affected:
- N
GHSA
GHSA-qcp5-jccp-3p6h: MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication
ghsa_unreviewed·2025-06-26
CVE-2025-49151 [CRITICAL] CWE-547 GHSA-qcp5-jccp-3p6h: MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication
MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-25
Published