CVE-2025-59459 is a vulnerability identified in SICK AG's TLOC100-100 device series running firmware versions prior to 7.1.1. The issue is classified under CWE-770, which refers to allocation of resources without limits or throttling. In this context, an attacker who has obtained SSH access to an unprivileged account on the device can exploit this flaw to cause resource exhaustion. This exhaustion leads to disruption of services, including the SSH service itself, resulting in persistent denial of service conditions. The vulnerability does not require elevated privileges beyond the unprivileged SSH account, nor does it require user interaction beyond the initial access. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No patches were linked at the time of disclosure, and no known exploits have been reported in the wild. The vulnerability primarily affects availability by allowing attackers to disrupt device operations through resource exhaustion. Given that TLOC100-100 devices are used in industrial automation and sensing applications, this vulnerability could impact operational continuity if exploited.

The primary impact of CVE-2025-59459 is on availability, as exploitation can cause persistent denial of service on affected devices, including loss of SSH access. For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors that deploy SICK AG TLOC100-100 devices, this could lead to operational disruptions, production downtime, and potential safety risks if automated processes are interrupted. The inability to access devices remotely via SSH complicates incident response and recovery efforts. While confidentiality and integrity are not directly affected, the loss of availability can have cascading effects on business continuity and safety systems. The medium CVSS score reflects the need for attention but indicates that exploitation requires some level of authenticated access, limiting the attack surface to insiders or attackers who have already compromised credentials. Organizations relying on these devices for monitoring or control should consider the risk of service disruption significant, particularly in environments where uptime is critical.

1. Upgrade the firmware of all SICK AG TLOC100-100 devices to version 7.1.1 or later as soon as the patch becomes available from the vendor. 2. Restrict SSH access strictly to trusted personnel and systems using strong authentication mechanisms, such as key-based authentication and multi-factor authentication where possible. 3. Implement network segmentation and firewall rules to isolate TLOC100-100 devices from general network access, limiting SSH exposure to only necessary management networks. 4. Monitor SSH login attempts and resource usage on these devices to detect unusual activity indicative of exploitation attempts. 5. Employ intrusion detection systems (IDS) or endpoint detection and response (EDR) solutions capable of identifying anomalous behavior related to resource exhaustion. 6. Establish incident response procedures that include rapid isolation and recovery of affected devices to minimize downtime. 7. Conduct regular audits of user accounts with SSH access to ensure least privilege principles are enforced and remove unnecessary accounts. 8. Engage with SICK AG support channels to receive timely updates and advisories regarding this vulnerability and related patches.