CVE-2025-49153
published 2025-06-25CVE-2025-49153: The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
PriorityP262critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.66%
47.0th percentile
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsens | nmp_web | <= Version 3.2.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-49153 is a path traversal (CWE-22) vulnerability in MICROSENS NMP Web+ allowing unauthenticated file overwrite and arbitrary code execution — detect unauthenticated HTTP requests containing path traversal sequences (e.g., '../') targeting the NMP Web+ application endpoint ↗
- →CVE-2025-49153 is chained with CVE-2025-49151 (hard-coded JWT secret enabling forged tokens) and CVE-2025-49152 (non-expiring JWTs) — monitor for JWT authentication bypass attempts (malformed or forged JWT tokens) against NMP Web+ followed by file-write or code-execution activity ↗
- →Affected product scope: MICROSENS NMP Web+ Version 3.2.5 and prior — flag any internet-exposed instances of this product version as high-priority targets ↗
- ·No public exploitation has been reported as of the advisory publication date; no concrete IOCs (hashes, IPs, domains, exploit URLs) are present in the available sources ↗
- ·The path traversal vulnerability (CVE-2025-49153) is unauthenticated, meaning exploitation does not require a valid session — detection logic should not filter on authentication state ↗
- ·JWTs issued by NMP Web+ 3.2.5 and prior do not expire, meaning captured tokens remain valid indefinitely and cannot be invalidated by session timeout controls ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
MICROSENS NMP Web+
cisa_ics·2025-06-24·CVSS 9.3
[CRITICAL] MICROSENS NMP Web+
ICS Advisory
##
MICROSENS NMP Web+
Release DateJune 24, 2025
Alert CodeICSA-25-175-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: MICROSENS
- Equipment: NMP Web+
- Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain system access, overwrite files or execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of NMP Web+ are affected:
- N
GHSA
GHSA-j5hw-6f92-5gw9: MICROSENS NMP Web+
could allow an unauthenticated attacker to overwrite files and execute arbitrary code
ghsa_unreviewed·2025-06-26
CVE-2025-49153 [CRITICAL] CWE-22 GHSA-j5hw-6f92-5gw9: MICROSENS NMP Web+
could allow an unauthenticated attacker to overwrite files and execute arbitrary code
MICROSENS NMP Web+
could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-25
Published