CVE-2025-13483 | THREATINT

Description

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

PUBLISHED Reserved 2025-11-20 | Published 2025-11-25 | Updated 2025-11-25 | Assigner icscert

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

3.0.48

affected

Credits

Souvik Kandar of Microsec (microsec.io) finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-329-06 government-resource

cve.org (CVE-2025-13483)

nvd.nist.gov (CVE-2025-13483)

Download JSON