Cyber Posture

CVE-2025-59461

High

Published: 27 October 2025
Modified: 03 November 2025
CVSS Score: 7.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
EPSS Score: 0.0015 (34.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-59461 is a high-severity Missing Authorization (CWE-862) vulnerability in Sick Tloc100-100 Firmware. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 34.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- AC-14 (Permitted Actions Without Identification or Authentication), prevent: directly mitigates unauthenticated API access by requiring that the actions permitted without identification or authentication be documented and restricted, preventing unauthorized data access, modification, and service disruption.
- AC-3 (Access Enforcement), prevent: enforces approved access control policies for logical access to information and resources, countering the core missing authorization (CWE-862) in the C++ API.
- Least privilege, prevent: limits privileges to the minimum necessary even if access is granted, reducing the impact of exploitation on sensitive data and availability.

MITRE ATT&CK Enterprise Techniques

- T1210 Exploitation of Remote Services (Lateral Movement): adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
- T1499.004 Application or System Exploitation (Impact): adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The API's missing authorization, reachable without credentials from an adjacent network (AV:A/PR:N), enables remote exploitation of a service for limited data access and modification (C:L/I:L), which maps to T1210, and high-impact service disruption or denial of service (A:H), which maps to T1499.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.

Deeper analysis

CVE-2025-59461 is a vulnerability (CWE-862: Missing Authorization) in an unauthenticated C++ API that affects products from SICK, as detailed in their advisories. Published on 2025-10-27, it has a CVSS v3.1 base score of 7.6 (High), with vector AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H, indicating adjacent network access with low attack complexity, no privileges or user interaction required, low confidentiality and integrity impact, and high availability impact. A remote unauthenticated attacker can exploit this to access or modify sensitive data and disrupt services.

The attack requires adjacency to the affected network (AV:A), allowing a remote unauthenticated attacker with low complexity to target the API directly. Successful exploitation enables limited access to or modification of sensitive data (C:L/I:L), alongside high disruption to service availability (A:H), such as denial-of-service conditions.

Mitigation details are available in SICK's PSIRT advisory at https://sick.com/psirt and the associated CSAF provider document (sca-2025-0013) in JSON and PDF formats at https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json and https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf. Additional ICS security practices are referenced via CISA at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices.

Details

CWE(s): CWE-862 (Missing Authorization)

Affected Products

- Vendor: sick; product: tloc100-100 firmware; versions: all versions

CVEs Like This One

- CVE-2026-22917 (same vendor: Sick)
- CVE-2026-1626 (same vendor: Sick)
- CVE-2026-22910 (same vendor: Sick)
- CVE-2026-22920 (same vendor: Sick)
- CVE-2026-22644 (same vendor: Sick)
- CVE-2026-26742 (shared CWE-862)
- CVE-2025-58587 (same vendor: Sick)
- CVE-2026-22907 (same vendor: Sick)
- CVE-2026-22918 (same vendor: Sick)
- CVE-2026-22646 (same vendor: Sick)
