Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-9913
PUBLISHED
More InfoOfficial Page
Assigner-SICK AG
Assigner Org ID-a6863dd2-93fc-443d-bef1-79f0b5020988
View Known Exploited Vulnerability (KEV) details
Published At-06 Oct, 2025 | 06:40
Updated At-13 May, 2026 | 11:49
Rejected At-
▼CVE Numbering Authority (CNA)
Cross Site Scripting: Session Hijacking

JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.

Affected Products
Vendor
SICK AGSICK AG
Product
Baggage Analytics
Default Status
affected
Versions
Affected
  • From 0 before 4.6.3 (custom)
Vendor
SICK AGSICK AG
Product
Tire Analytics
Default Status
affected
Versions
Affected
  • From 0 before 4.6.3 (custom)
Vendor
SICK AGSICK AG
Product
Package Analytics
Default Status
affected
Versions
Affected
  • From 0 before 4.6.3 (custom)
Vendor
SICK AGSICK AG
Product
Logistic Diagnostic Analytics
Default Status
affected
Versions
Affected
  • From 0 before 4.6.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.14.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

It is strongly recommended to update the product to version 4.6.3.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1
x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
x_The canonical URL.
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
vendor-advisory
Hyperlink: https://sick.com/psirt
Resource:
x_SICK PSIRT Security Advisories
Hyperlink: https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Resource:
x_SICK Operating Guidelines
Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Resource:
x_ICS-CERT recommended practices on Industrial Security
Hyperlink: https://www.first.org/cvss/calculator/3.1
Resource:
x_CVSS v3.1 Calculator
Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
Resource:
x_The canonical URL.
Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found