CVE-2025-49188

High

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.

SICK AG·CWE-598·Published 2025-06-12

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

127 chars

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.

NVDen

127 chars

The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.

NVDes

157 chars

La aplicación envía las credenciales del usuario como parámetros de URL en lugar de cuerpos POST, lo que la hace vulnerable a la recopilación de información.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N