CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49853 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49853
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49852 – Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49852
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49851 – Improper Authentication in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49851
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-287: Improper Authentication •