CVE-2025-59379
Published: 06 January 2026
Summary
CVE-2025-59379 is a high-severity SQL Injection (CWE-89) vulnerability in DwyerOmega iSENSIX Advanced Remote Monitoring System Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 6.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-59379 is a Blind SQL Injection vulnerability affecting the DwyerOmega iSENSIX Advanced Remote Monitoring System (ARMS) version 1.5.7. The issue resides in the user parameter on the login page, which fails to properly sanitize inputs, enabling attackers to extract sensitive information directly from the underlying SQL database. Published on 2026-01-06, the vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).
An unauthenticated attacker with network access can exploit this vulnerability by submitting specially crafted payloads to the login page's user parameter. Exploitation allows retrieval of credentials from the database, which may be stored in cleartext, belonging to existing users and administrators. Attackers can then use these stolen credentials to authenticate to the ARMS application, potentially escalating access within the remote monitoring system.
Mitigation details and advisories are available in the provided references, including a dedicated CVE page at https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md, DwyerOmega brand information at https://info.dwyeromega.com/brands, and iSENSIX Guardian documentation at https://isensix.com/guardian/. Security practitioners should consult these for patch availability or workaround guidance specific to ARMS 1.5.7.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1012
Vulnerability details
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Blind SQL injection on the public login page directly enables T1190 exploitation of the web application and T1213.006 data extraction from the backend database (including cleartext credentials).
Mitigating Controls (NIST 800-53 r5)
SI-10 requires information input validation at entry points like the login page user parameter, directly preventing blind SQL injection exploitation.
SI-2 mandates timely flaw remediation, addressing the specific SQL injection vulnerability in ARMS 1.5.7 to eliminate the ability to extract credentials.
SC-7 enforces boundary protection with mechanisms like web application firewalls to block or detect SQL injection payloads targeting the login endpoint.
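
The SI-10 control applied to a login lookup, as an added example (not DwyerOmega's code and not from the original page). The page does not describe the ARMS backend, so the SQLite table, column names, username allow-list and sample account below are assumptions constructed for illustration; the sketch also stores a salted hash rather than a cleartext password.

```python
import hashlib, hmac, os, re, sqlite3

# Assumed allow-list policy for the login page's user parameter (SI-10).
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def kdf(password: str, salt: bytes) -> bytes:
    """Salted password hash, so a database read does not yield cleartext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, kdf("constructed-pass", salt)))
    return db

def lookup_concat(db, user):
    """'Before' pattern: the input is spliced into the SQL text, so a quote
    character in it changes the statement the database parses."""
    sql = "SELECT salt, pw_hash FROM users WHERE username = '" + user + "'"
    return db.execute(sql).fetchone()

def lookup_bound(db, user):
    """'After' pattern: the input travels as a bound parameter and is only
    ever compared as data."""
    sql = "SELECT salt, pw_hash FROM users WHERE username = ?"
    return db.execute(sql, (user,)).fetchone()

def login(db, user: str, password: str) -> bool:
    if not USERNAME_RE.fullmatch(user):      # reject before touching the DB
        return False
    row = lookup_bound(db, user)
    # Hash even for unknown users so response time does not reveal accounts.
    salt, stored = row if row else (b"\0" * 16, b"")
    ok = hmac.compare_digest(kdf(password, salt), stored)
    return ok and row is not None

if __name__ == "__main__":
    db = make_db()
    print(login(db, "admin", "constructed-pass"), login(db, "o'brien", "x"))
    try:
        lookup_concat(db, "o'brien")         # quote breaks the spliced query
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
```

The differing response of the concatenated query to a single quote is the kind of observable signal a blind injection relies on; the bound query returns the same "no such user" result for any input.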