File Overwrite and Code Execution Vulnerability in MICROSENS NMP Web+
CVE-2025-49153

9.3CRITICAL

Key Information:

Vendor: Microsens
Status: Nmp Web+
Vendor: CVE Published:; 25 June 2025

What is CVE-2025-49153?

MICROSENS NMP Web+ is susceptible to a vulnerability that enables unauthenticated attackers to overwrite files on the system. This security flaw can be exploited to execute arbitrary code, potentially compromising the integrity and availability of the affected system. Users of MICROSENS NMP Web+ should review their deployment configurations and apply any available patches or mitigations to protect against potential exploitation of this vulnerability.

Affected Version(s)

NMP Web+ 0 <= 3.2.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.microsens.com/support/downloads/nmp/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 2, 2025

Credit

Tomer Goldschmidt and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.

The German Federal Office for Information Security (BSI) CERT-Bund assisted coordination with MICROSENS.

Microsens

What is CVE-2025-49153?

Affected Version(s)

References

CVSS V4

Timeline

Credit