CVE-2025-49852

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:assaabloy:control_id_idsecure:*:*:*:*:on-premises:*:*:*

History

02 Jul 2025, 16:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:assaabloy:control_id_idsecure:::::on-premises:::*
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 - US Government Resource
First Time		Assaabloy Assaabloy control Id Idsecure

27 Jun 2025, 18:15

Type	Values Removed	Values Added
CWE	~~CWE-918~~
Summary	ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.	ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

24 Jun 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 20:15

Updated : 2025-07-02 16:33

NVD link : CVE-2025-49852

Mitre link : CVE-2025-49852

JSON object : View

Products Affected

assaabloy

control_id_idsecure

CWE

No CWE.

JSON object

Attach tags to CVE-2025-49852

Attach tags to `CVE-2025-49852`