cvedb.io
CVE-2025-49191
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2025-06-12T14:15:31.690 · Last modified 2026-06-17T09:30:54.377

Summary

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Affected products

sick — field_analytics

Does this affect you?

Add your gear to cvedb and we'll alert you only when sick ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.