Cyber Resilience

CVE-2025-58587

Medium

Published: 06 October 2025

Published
06 October 2025
Modified
27 January 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score 0.0024 47.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58587 is a medium-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Sick Baggage Analytics. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Password Guessing (T1110.001); ranked at the 47.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and AU-2 (Event Logging).

Deeper analysis

CVE-2025-58587 is a vulnerability in SICK applications that fails to implement adequate controls to limit multiple failed authentication attempts within a short timeframe, enabling attackers to brute-force guess user credentials. Published on 2025-10-06, it is associated with CWE-307 (Improper Restriction of Excessive Authentication Attempts) and carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L), reflecting medium severity due to its network accessibility, low attack complexity, and lack of prerequisites for exploitation.

An unauthenticated remote attacker can exploit this vulnerability over the network by rapidly submitting authentication requests, increasing the likelihood of successfully guessing valid credentials. Upon success, the attacker achieves low-impact effects on integrity (I:L) and availability (A:L), potentially allowing unauthorized modifications or disruptions tied to the guessed account's privileges.

Mitigation guidance is detailed in SICK's advisories, including the PSIRT page at https://sick.com/psirt and the CSAF provider document sca-2025-0010 available at https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json and https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf. Additional context is provided by CISA's ICS recommended practices at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices and the FIRST CVSS v3.1 calculator at https://www.first.org/cvss/calculator/3.1.

EU & UK References

Vulnerability details

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1110.001 Password Guessing Credential Access
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.
Why these techniques?

The vulnerability fails to restrict excessive authentication attempts (CWE-307), directly enabling brute-force password guessing (T1110.001) over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-9342Shared CWE-307
CVE-2026-24436Shared CWE-307
CVE-2026-32292Shared CWE-307
CVE-2026-27521Shared CWE-307
CVE-2025-36363Shared CWE-307
CVE-2026-22907Same vendor: Sick
CVE-2024-51476Shared CWE-307
CVE-2025-9004Shared CWE-307
CVE-2025-64310Shared CWE-307
CVE-2023-54347Shared CWE-307

Affected Assets

sick
baggage analytics
all versions
sick
enterprise analytics
all versions
sick
logistic diagnostic analytics
all versions
sick
package analytics
all versions
sick
tire analytics
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-7 requires establishing and enforcing limits on consecutive unsuccessful logon attempts with account lockouts or delays, directly preventing brute-force credential guessing exploited in this CVE.

prevent

SC-5 mandates denial-of-service protections such as rate limiting network requests, mitigating rapid submission of authentication attempts over the network.

AU-2 Event Logging partial match
detect

AU-2 requires logging unsuccessful logon attempts as auditable events, enabling detection of brute-force attacks in progress.

References