Improper Authentication in ControlID iDSecure Product by ControlID
CVE-2025-49851

8.7HIGH

Key Information:

Vendor

Controlid

Status
Idsecure On-premises
Vendor
CVE Published:
24 June 2025

What is CVE-2025-49851?

ControlID iDSecure's On-premises versions up to 4.7.48.0 are susceptible to an Improper Authentication flaw, enabling attackers to circumvent authentication mechanisms and gain unauthorized permissions within the system. This vulnerability poses a significant risk, compromising the integrity and security of user data.

Affected Version(s)

iDSecure On-premises 0 <= 4.7.48.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Noam Moshe of Claroty Team82
.
CVE-2025-49851 : Improper Authentication in ControlID iDSecure Product by ControlID