CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49153 – MICROSENS NMP Web+ Path Traversal
https://notcve.org/view.php?id=CVE-2025-49153
25 Jun 2025 — MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49152 – MICROSENS NMP Web+ Insufficient Session Expiration
https://notcve.org/view.php?id=CVE-2025-49152
25 Jun 2025 — MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system. MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 • CWE-613: Insufficient Session Expiration •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49151 – MICROSENS NMP Web+ Use of Hard-coded, Security-relevant Constants
https://notcve.org/view.php?id=CVE-2025-49151
25 Jun 2025 — MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07 • CWE-547: Use of Hard-coded, Security-relevant Constants •