A critical security vulnerability with a CVSS v4 score of 9.3 has been discovered in MICROSENS NMP Web+ network management equipment, potentially allowing remote attackers to gain system access, overwrite files, and execute arbitrary code.
The German company’s widely deployed industrial control systems face significant security risks that could impact critical infrastructure worldwide.
Security researchers from Claroty Team82 have identified three distinct vulnerabilities affecting MICROSENS NMP Web+ Version 3.2.5 and earlier releases.
The most severe vulnerability, designated CVE-2025-49151, involves the use of hard-coded security constants that enable unauthenticated attackers to forge JSON Web Tokens (JWT) and completely bypass authentication mechanisms.
This vulnerability carries a CVSS v3 base score of 9.1 and a CVSS v4 score of 9.3, indicating its critical nature and potential for widespread exploitation.
The second vulnerability, CVE-2025-49152, addresses insufficient session expiration controls where JWT tokens never expire, providing persistent unauthorized access to compromised systems.
With a CVSS v4 score of 8.7, this vulnerability allows attackers to maintain long-term access once initial compromise occurs.
The third vulnerability, CVE-2025-49153, represents a classic path traversal attack vector that enables unauthorized file manipulation and arbitrary code execution, earning the highest CVSS v3 score of 9.8.
Microsens Vulnerabilities
The affected MICROSENS equipment operates within critical manufacturing sectors and has been deployed worldwide, making these vulnerabilities particularly concerning for industrial cybersecurity.
The German Federal Office for Information Security (BSI) CERT-Bund collaborated with the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate the disclosure and response efforts, highlighting the international scope of this security issue.
These vulnerabilities pose significant risks to operational technology environments where NMP Web+ systems manage network infrastructure.
The combination of remote exploitability and low attack complexity means that threat actors can potentially compromise these systems without sophisticated tools or extensive technical knowledge.
The ability to execute arbitrary code and manipulate files could lead to operational disruptions, data theft, or even physical damage to connected industrial processes.
Immediate Patching
MICROSENS has released NMP Web+ Version 3.3.0 for both Windows and Linux platforms to address all identified vulnerabilities.
Organizations using affected versions should prioritize immediate updates to prevent potential exploitation.
CISA emphasizes that no known public exploitation targeting these specific vulnerabilities has been reported, providing organizations with a critical window for remediation.
Beyond patching, CISA recommends implementing comprehensive defensive measures including network segmentation, firewall protection, and restricting internet access for control system devices.
Organizations should isolate industrial networks from business systems and employ secure remote access methods such as properly maintained VPNs when external connectivity is required.
The discovery underscores the ongoing challenges facing industrial cybersecurity, where legacy systems and network management tools often contain fundamental security weaknesses.
Organizations must conduct thorough risk assessments and implement defense-in-depth strategies to protect critical infrastructure from increasingly sophisticated cyber threats.
CISA encourages reporting any suspicious activity related to these vulnerabilities to support broader threat intelligence efforts and incident correlation.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
