Cyber Posture

CVE-2025-27593

Severity: Critical
Published: 14 March 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0019 (40.8th percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-27593 is a critical-severity Download of Code Without Integrity Check (CWE-494) vulnerability in SICK products (vendor inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 40.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-3 (Malicious Code Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and one other technique (T1204.002, Malicious File). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-7 (Software, Firmware, and Information Integrity) [prevent]: requires integrity verification mechanisms for software and firmware, directly mitigating the missing download verification checks that allow malicious SDD Device Drivers to be distributed.

CM-14 (Signed Components) [prevent]: enforces the use of digitally signed components, preventing installation and execution of unsigned malicious drivers that lack integrity verification.

SI-3 (Malicious Code Protection) [prevent, detect]: deploys malicious code protection with real-time scanning of files downloaded from external sources, blocking or identifying malicious drivers before execution.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The vulnerability in SDD Device Drivers enables client-side exploitation for arbitrary code execution via unverified downloads (T1203), and it facilitates user execution of a malicious driver file after social engineering induces the user to download and install it (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

Deeper analysis

CVE-2025-27593 is a critical-severity vulnerability (CVSS 9.3, vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) published on 2025-03-14 and associated with CWE-494 (Download of Code Without Integrity Check). It affects SICK products, particularly the DL100 series, where SDD Device Drivers lack integrity verification checks for downloads. This flaw allows the product to be used to distribute malicious code, resulting in arbitrary code execution on target systems.

A remote attacker requires no privileges or authentication and can exploit the issue over the network with low attack complexity, though user interaction is necessary, such as inducing a user to download or install a malicious driver. Successful exploitation yields high-impact confidentiality and integrity violations with a changed scope, enabling code execution on the victim's system without affecting availability.

Advisories and mitigation guidance are detailed in SICK's special cybersecurity information document, their PSIRT page at sick.com/psirt, and a Telekom Security report on multiple vulnerabilities in SICK DL100. Additional context includes CISA's ICS recommended practices and the FIRST CVSS 3.1 calculator.

Details

CWE(s)

CWE-494 Download of Code Without Integrity Check

Affected Products

SICK (vendor inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2024-43169 (shared CWE-494)
CVE-2025-56513 (shared CWE-494)
CVE-2026-3502 (shared CWE-494)
CVE-2026-27180 (shared CWE-494)
CVE-2025-57431 (shared CWE-494)
CVE-2026-40066 (shared CWE-494)
CVE-2025-1058 (shared CWE-494)
CVE-2025-69263 (shared CWE-494)
CVE-2024-50696 (shared CWE-494)
CVE-2025-7620 (shared CWE-494)
