Cyber Posture

CVE-2025-27595

Critical

Published: 14 March 2025

Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (26.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27595 is a critical-severity Use of Weak Hash (CWE-328) vulnerability in Sick (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Password Cracking (T1110.002). The CVE ranks at the 26.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Threat & Defense at a Glance

What attackers do: exploitation maps to Password Cracking (T1110.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

IA-5 requires management of authenticators including passwords with sufficient strength and secure storage using resistant hashing to prevent easy computation by attackers.

prevent

SC-28 mandates cryptographic protection for information at rest, such as password hashes, directly countering weak hashing algorithms that expose credentials.

prevent, recover

SI-2 ensures identification, reporting, and correction of flaws like weak password hashing through timely remediation such as firmware updates.

MITRE ATT&CK Enterprise Techniques

T1110.002 Password Cracking (Credential Access)
Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Weak password hashing (CWE-328) directly enables offline password cracking (T1110.002) to recover credentials; the network-accessible unauthenticated nature of the device allows remote exploitation for initial access (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

Deeper analysis

CVE-2025-27595 is a critical vulnerability (CVSS 9.8) in the SICK DL100 device, stemming from the use of a weak hashing algorithm (CWE-328) to generate password hashes. This flaw allows attackers to easily compute a matching password, undermining the device's overall security and integrity. The vulnerability was published on 2025-03-14.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation grants high-impact access, enabling confidentiality, integrity, and availability compromises (C:H/I:H/A:H), such as unauthorized device control.

Mitigation details are provided in advisories from SICK, including a cybersecurity special information document at https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF and their PSIRT page at https://sick.com/psirt. Additional analysis appears in a Telekom security advisory at https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html.

Details

CWE(s)

Affected Products

Sick
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-40164 (shared CWE-328)

References