Unauthorized User Account Creation in Sick’s API
CVE-2025-58578

3.8LOW

Key Information:

Vendor: Sick Ag
Status: Enterprise Analytics
Vendor: CVE Published:; 6 October 2025

🔔 Create Sick Ag Vulnerability Alert

What is CVE-2025-58578?

A vulnerability in Sick's API allows an authorized user to create an unlimited number of user accounts through a POST request to an insecure API endpoint. The absence of quotas and validation mechanisms leads to potential abuse of this functionality, increasing the risk of unauthorized actions within the system.

Affected Version(s)

Enterprise Analytics all versions

References

https://sick.com/psirt

x_SICK PSIRT Security Advisories

https://www.sick.com/media/docs/9/19/719/special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Sep 3, 2025

.