Injection via log file_CVE-2025-58580

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Description

An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.

Basic Information

ID CVE-2025-58580

Source SICK AG

Published Oct 6, 2025 at 06:49

Modified Oct 6, 2025 at 07:09

Affected Product

Vendor SICK AG

Product Enterprise Analytics

Version all versions

Affected Versions SICK AG Enterprise Analytics all versions

CWE Classification

CWE-117

References

{
    "lastseen": "",
    "description": "An API  endpoint  allows  arbitrary  log  entries  to  be  created  via  POST request.  Without sufficient  validation  of the  input data, an attacker  can create manipulated log entries and thus falsify or dilute logs, for example.",
    "published": "2025-10-06T06:49:27.619Z",
    "modified": "2025-10-06T07:09:38.369Z",
    "type": "cve",
    "title": "Injection via log file",
    "source": "SICK AG",
    "references": "https://sick.com/psirt\nhttps://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\nhttps://www.cisa.gov/resources-tools/resources/ics-recommended-practices\nhttps://www.first.org/cvss/calculator/3.1\nhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json\nhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf",
    "id": "CVE-2025-58580",
    "bulletinFamily": "",
    "cwe": [
        "CWE-117"
    ],
    "cvelist": null,
    "sourceData": "SICK AG Enterprise Analytics all versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Analytics",
    "version": "all versions",
    "vendor": "SICK AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}