Cyber Resilience

CVE-2025-59379

High

Published: 06 January 2026

Modified: 29 January 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0002 (6.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-59379 is a high-severity SQL Injection (CWE-89) vulnerability in DwyerOmega iSENSIX Advanced Remote Monitoring System Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 6.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-59379 is a Blind SQL Injection vulnerability affecting the DwyerOmega iSENSIX Advanced Remote Monitoring System (ARMS) version 1.5.7. The issue resides in the user parameter on the login page, which fails to properly sanitize inputs, enabling attackers to extract sensitive information directly from the underlying SQL database. Published on 2026-01-06, the vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).

An unauthenticated attacker with network access can exploit this vulnerability by submitting specially crafted payloads to the login page's user parameter. Exploitation allows retrieval of credentials from the database, which may be stored in cleartext, belonging to existing users and administrators. Attackers can then use these stolen credentials to authenticate to the ARMS application, potentially escalating access within the remote monitoring system.

Mitigation details and advisories are available in the provided references, including a dedicated CVE page at https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md, DwyerOmega brand information at https://info.dwyeromega.com/brands, and iSENSIX Guardian documentation at https://isensix.com/guardian/. Security practitioners should consult these for patch availability or workaround guidance specific to ARMS 1.5.7.

Vulnerability details

DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

Blind SQLi on the public login page directly enables T1190 exploitation of the web app and T1213.006 data extraction from the backend database (including cleartext credentials).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25537 (shared CWE-89)
CVE-2019-25366 (shared CWE-89)
CVE-2019-25496 (shared CWE-89)
CVE-2026-1475 (shared CWE-89)
CVE-2026-26990 (shared CWE-89)
CVE-2026-44047 (shared CWE-89)
CVE-2025-12865 (shared CWE-89)
CVE-2024-11135 (shared CWE-89)
CVE-2019-25491 (shared CWE-89)
CVE-2024-13369 (shared CWE-89)

Affected Assets

Vendor: dwyeromega
Product: isensix advanced remote monitoring system firmware
Versions: ≤ 1.5.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 requires information input validation at entry points like the login page user parameter, directly preventing blind SQL injection exploitation.

Prevent: SI-2 mandates timely flaw remediation, addressing the specific SQL injection vulnerability in ARMS 1.5.7 to eliminate the ability to extract credentials.

Prevent / detect: SC-7 enforces boundary protection with mechanisms like web application firewalls to block or detect SQL injection payloads targeting the login endpoint.
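
An added example (not DwyerOmega's code and not taken from the referenced advisories) of what SI-10 looks like in a login handler: the user field is checked against an allow-list and bound as a query parameter instead of being concatenated, and passwords are stored as salted hashes so that a database read does not yield cleartext credentials. The SQLite schema, the allow-list pattern, the function names and the sample accounts are assumptions made for illustration; the page does not describe the ARMS backend.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumed allow-list for the login "user" field (hypothetical policy).
USER_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; the stored value is never the cleartext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in (("admin", "constructed-admin-pw"), ("tech1", "constructed-tech-pw")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _kdf(pw, salt)))
    return db

def count_matches(db: sqlite3.Connection, user: str) -> int:
    # Bound parameter: the value is compared as data and never parsed as SQL,
    # so quotes or comment markers in it cannot change the statement.
    return db.execute("SELECT COUNT(*) FROM users WHERE name = ?", (user,)).fetchone()[0]

def login(db: sqlite3.Connection, user: str, password: str) -> bool:
    # 1. Input validation (SI-10): reject anything outside the allow-list.
    if not USER_RE.fullmatch(user):
        return False
    # 2. Parameterized lookup; no string concatenation into the query.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (user,)).fetchone()
    # 3. Run the KDF for unknown users too, so both failure cases take the same path.
    salt, stored = row if row else (b"\0" * 16, b"")
    candidate = _kdf(password, salt)
    return row is not None and hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    db = make_db()
    print(login(db, "admin", "constructed-admin-pw"))
    print(login(db, "admin' --", "anything"))
```

Validation and parameter binding are independent layers: `count_matches` shows that binding alone already treats a value containing a quote as a literal name, while `login` rejects it before any query runs.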

References