CVE-2025-49197: CWE-328 Use of Weak Hash in SICK AG SICK Media Server
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
AI Analysis
Technical Summary
CVE-2025-49197 identifies a security vulnerability in the SICK Media Server product developed by SICK AG. The core issue is the use of a weak password hashing algorithm to protect FTP user account credentials. The hash function the application employs is considered weak by modern standards, which makes offline password cracking against the stored password hashes feasible. This vulnerability falls under CWE-328 (Use of Weak Hash). An attacker with network access to the media server can obtain the hashed passwords and then use computational resources to test candidate passwords against them until the plaintext password is recovered.
According to the CVSS v3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), the attack can be performed remotely over the network with low attack complexity, requiring low privileges (authenticated user) but no user interaction. The impact is primarily on confidentiality, as the attacker can gain unauthorized access to the FTP user account, potentially exposing sensitive media or configuration files. The integrity and availability of the system are not directly affected by this vulnerability.
No patches have been released yet, and there are no known exploits in the wild as of the publication date (June 12, 2025). The affected version is listed as '0', which likely indicates the initial or current version of the SICK Media Server product. This vulnerability highlights the importance of using strong, modern password hashing algorithms such as bcrypt, scrypt, or Argon2 to protect stored credentials against offline attacks.
Potential Impact
For European organizations using the SICK Media Server, this vulnerability poses a moderate risk primarily to the confidentiality of FTP user credentials. Successful exploitation could allow attackers to access sensitive media files or configuration data stored on the server, which may include proprietary or operational information. Given that SICK AG is a German company specializing in industrial sensors and automation technology, their media server products are likely deployed in industrial and manufacturing environments across Europe. Unauthorized access to these systems could facilitate industrial espionage or provide footholds for further network intrusion. Although the vulnerability does not directly impact system integrity or availability, the exposure of credentials could lead to lateral movement within networks or data exfiltration. The requirement for low privileges (authenticated user) means that attackers would need some level of access, possibly through compromised internal accounts or weak external authentication mechanisms. The lack of user interaction simplifies exploitation once the attacker has network access. Overall, the vulnerability could undermine trust in industrial automation environments and disrupt secure operations if exploited at scale.
Mitigation Recommendations
1. Immediate mitigation should focus on enforcing strong password policies for FTP accounts, including the use of complex, high-entropy passwords that resist cracking attempts.
2. Network segmentation should be implemented to restrict access to the SICK Media Server FTP service only to trusted hosts and users, minimizing exposure to potential attackers.
3. Monitor FTP access logs for unusual or repeated authentication failures that may indicate brute force or password cracking attempts.
4. Since no patch is currently available, consider deploying compensating controls such as multi-factor authentication (MFA) for FTP access if supported by the environment or wrapping FTP access within VPN tunnels to limit exposure.
5. Engage with SICK AG to obtain timelines for a security patch or updated product version that replaces the weak hash function with a strong, modern password hashing algorithm (e.g., Argon2 or bcrypt).
6. As a longer-term measure, audit all authentication mechanisms within the industrial environment to ensure cryptographic best practices are followed, reducing the risk of similar vulnerabilities.
7. Educate system administrators and users about the risks of weak password hashes and the importance of credential hygiene in industrial control systems.
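What replacing a weak hash (recommendation 5) and auditing stored credentials (recommendation 6) can look like in practice, as an added example that is not SICK AG's code: records are verified under either scheme and upgraded to scrypt on the next successful login. Unsalted MD5 is used only as a stand-in, since the advisory does not name the product's algorithm; the record format, function names and cost settings are assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost settings: assumed illustrative values, tune for your hardware.
N, R, P, MAXMEM = 2**14, 8, 1, 64 * 1024 * 1024

def legacy_hash(password):
    """Stand-in weak scheme (fast, unsalted MD5). Assumption: the page does
    not name the algorithm the product actually uses."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def scrypt_hash(password):
    """Salted, memory-hard hash stored as scrypt$N$r$p$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                        maxmem=MAXMEM, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Check a password against either record format; reject unknown schemes."""
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(legacy_hash(password), stored)
    if scheme == "scrypt":
        n, r, p, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), maxmem=MAXMEM,
                            dklen=len(dk_hex) // 2)
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    return False

def login(db, user, password):
    """Authenticate, then replace a legacy record while the plaintext is in hand."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("scrypt$"):
        db[user] = scrypt_hash(password)
    return True

def weak_records(db):
    """Accounts still stored under the legacy scheme (audit view)."""
    return sorted(u for u, h in db.items() if not h.startswith("scrypt$"))

if __name__ == "__main__":
    db = {"ftp_user": legacy_hash("constructed-sample-pw")}  # constructed record
    print(weak_records(db), login(db, "ftp_user", "constructed-sample-pw"))
    print(weak_records(db), db["ftp_user"].split("$")[0])
```

Accounts that never log in again keep their legacy record, so `weak_records` doubles as the list of credentials to reset once the migration window closes.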
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Poland, Czech Republic, Austria, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: SICK AG
- Date Reserved: 2025-06-03T05:58:15.616Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 684ae666358c65714e6a8a4b
Added to database: 6/12/2025, 2:38:30 PM
Last enriched: 6/12/2025, 2:54:15 PM
Last updated: 8/11/2025, 1:36:52 AM