- Description: The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify it and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gather information.
- Source: psirt@sick.de
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- psirt@sick.de: CWE-345
- Hype score: Not currently trending
CVE-2025-49199 (CVSS:8.8, HIGH) is Awaiting Analysis. The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP.. https://t.co/XSySuRHK7H #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
17 Jun 2025
CVE-2025-49199 Backup ZIP Tampering Vulnerability Enabling Service Disruption and Traffic Redirection https://t.co/c6s8gCYjGy
@VulmonFeeds
12 Jun 2025
CVE-2025-49199 The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the att… https://t.co/Bl5S38JrDO
@CVEnew
12 Jun 2025
[CVE-2025-49199: HIGH] Unsigned backup ZIP files can be manipulated by attackers, causing disruptions to application services, redirecting internal traffic, and compromising data security. #cybersecurity#cve,CVE-2025-49199,#cybersecurity https://t.co/3HcHZtdizE https://t.co/E15jy
@CveFindCom
12 Jun 2025