CVE-2025-58584
published 2025-10-06CVE-2025-58584: In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.36%
27.4th percentile
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sick_ag | baggage_analytics | < 4.6.3 | 4.6.3 |
| sick_ag | enterprise_analytics | — | — |
| sick_ag | logistic_diagnostic_analytics | < 4.6.3 | 4.6.3 |
| sick_ag | package_analytics | < 4.6.3 | 4.6.3 |
| sick_ag | tire_analytics | < 4.6.3 | 4.6.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdfhttps://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
2025-10-06
Published