CVE-2025-49199
HIGHDescription
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.
Is your site exposed to CVE-2025-49199?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| sick | field_analytics |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-49199? +
How severe is CVE-2025-49199? +
What products are affected by CVE-2025-49199? +
How do I check if I'm vulnerable to CVE-2025-49199? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed …
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege …
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior …
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in …