Arbitrary Log Entry Creation in Sick API Endpoint
CVE-2025-58580
6.5 MEDIUM
What is CVE-2025-58580?
An API endpoint within the Sick product suite accepts unvalidated POST requests, which permits the creation of arbitrary log entries. Because the input is not validated, malicious actors can craft deceptive log entries that obscure critical information or compromise the log's integrity. Organizations using this API must implement solid input validation measures to mitigate the risk, as manipulated logs can undermine security oversight and allow for stealthy attacks.
Affected Version(s)
Enterprise Analytics all versions
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
