Cyber Resilience

CVE-2025-0593

HighRCE

Published: 14 February 2025

Published
14 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0593 is a high-severity Command Injection (CWE-77) vulnerability in Sick (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 33.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0593 is a command injection vulnerability (CWE-77) that allows a remote low-privileged attacker to execute arbitrary shell commands on affected devices by exploiting lower-level functions designed for device interaction. Published on 2025-02-14 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it impacts certain SICK products, as detailed in the vendor's advisories.

A remote attacker possessing low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables full control over the device, resulting in high-impact confidentiality, integrity, and availability violations, such as unauthorized data access, modification, or disruption.

SICK's PSIRT advisories, including the special cybersecurity information document (IM0084411.PDF) and CSAF provider document (sca-2025-0002.json), provide details on affected products and recommended mitigations. Additional resources from CISA on ICS practices and the FIRST CVSS calculator offer further context for assessment and remediation.

EU & UK References

Vulnerability details

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Command injection (CWE-77) directly enables arbitrary shell command execution (T1059) via remote exploitation of a network-accessible device function (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-67397Shared CWE-77
CVE-2024-55030Shared CWE-77
CVE-2025-24818Shared CWE-77
CVE-2025-9223Shared CWE-77
CVE-2026-8431Shared CWE-77
CVE-2026-44869Shared CWE-77
CVE-2025-70093Shared CWE-77
CVE-2026-34259Shared CWE-77
CVE-2026-44866Shared CWE-77
CVE-2026-20163Shared CWE-77

Affected Assets

Sick
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates command injection by requiring validation of all inputs to lower-level device interaction functions, preventing arbitrary shell command execution.

prevent

Remediates the specific command injection flaw in affected SICK products through timely patching as detailed in vendor advisories IM0084411 and sca-2025-0002.

prevent

Enforces least privilege to limit the impact of injected shell commands executed by low-privileged remote attackers.

References