CVE-2025-58584

Plain Text Transmission of Username and Password in the URL

Description

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.

INFO

Published Date :

2025-10-06T07:01:04.945Z

Last Modified :

2025-10-06T16:37:23.793Z

Source :

SICK AG

AFFECTED PRODUCTS

The following products are affected by CVE-2025-58584 vulnerability.

Vendors	Products
Sick	Baggage Analytics Enterprise Analytics Logistic Diagnostic Analytics Package Analytics Tire Analytics

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58584.

URL	Resource
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact