CVE-2025-58591 is a CWE-22 path traversal vulnerability found in all versions of SICK AG's Baggage Analytics software. The vulnerability allows a remote attacker with limited privileges (PR:L) to perform brute force attacks on folder and file paths within the application, bypassing restrictions intended to confine access to authorized directories. By exploiting this flaw, attackers can read arbitrary files on the server, including sensitive information such as private keys and configuration files. The attack vector is network-based (AV:N), requires no user interaction (UI:N), and does not require elevated privileges beyond limited access. The vulnerability does not affect the integrity or availability of the system but results in a high confidentiality impact due to unauthorized data disclosure. The CVSS 3.1 score of 6.5 reflects the medium severity, balancing the ease of exploitation with the scope of impact. No patches or known exploits are currently available, indicating that the vulnerability is newly disclosed and may be targeted in the future. The lack of authentication requirement for exploitation increases the risk, especially in environments where the Baggage Analytics system is exposed or accessible over the network. The root cause is improper limitation of pathname inputs, allowing attackers to traverse directories and access files outside the intended scope. This vulnerability is critical for environments handling sensitive airport baggage data and related security configurations, as exposure of private keys or configuration files could facilitate further attacks or data breaches.

For European organizations, particularly those operating in the aviation and airport security sectors, this vulnerability poses a significant risk of sensitive data exposure. Baggage Analytics systems are integral to airport operations, and unauthorized access to private keys or configuration files could lead to compromise of cryptographic materials, enabling attackers to decrypt communications or impersonate legitimate services. The confidentiality breach could also expose operational details, increasing the risk of targeted attacks or sabotage. While the vulnerability does not directly affect system integrity or availability, the loss of confidentiality can have cascading effects on trust, compliance with data protection regulations such as GDPR, and operational security. European airports and logistics providers using SICK AG products may face regulatory penalties and reputational damage if exploited. Additionally, attackers could leverage the exposed information to escalate privileges or pivot within the network, amplifying the threat. The medium severity rating suggests that while the vulnerability is serious, it requires some level of access or reconnaissance, but the lack of user interaction and network accessibility increases the likelihood of exploitation in exposed environments.

1. Implement strict input validation and sanitization on all pathname inputs within the Baggage Analytics application to prevent directory traversal sequences such as '../'. 2. Enforce robust access control mechanisms to restrict file system access only to authorized directories and users, minimizing the attack surface. 3. Apply network segmentation and firewall rules to limit external access to the Baggage Analytics system, reducing exposure to remote attackers. 4. Monitor and log file access attempts to detect brute force or anomalous directory traversal activities promptly. 5. Conduct regular security audits and code reviews focusing on path handling and input validation to identify and remediate similar vulnerabilities. 6. Coordinate with SICK AG for timely patch deployment once available and apply any recommended security updates immediately. 7. Use application-layer gateways or web application firewalls (WAFs) with rules designed to detect and block path traversal attempts. 8. Restrict permissions on sensitive files such as private keys and configuration files to the minimum necessary and consider encrypting sensitive configuration data at rest. 9. Educate operational staff about the risks and signs of exploitation attempts to enhance incident response readiness. 10. If possible, isolate the Baggage Analytics system from general corporate networks to contain potential breaches.