CVE-2025-59459 is a resource exhaustion vulnerability identified in the SICK AG TLOC100-100 device, categorized under CWE-770, which involves allocation of resources without proper limits or throttling. This flaw allows an attacker who has gained SSH access to an unprivileged account on the device to consume resources excessively, leading to disruption of critical services, including the SSH service itself. The vulnerability does not compromise confidentiality or integrity but results in a persistent denial of service (DoS) condition, severely impacting availability. The attack vector requires local network access or VPN access to SSH, with low complexity and no need for user interaction, making it feasible for attackers with limited privileges. The affected product version is indicated as '0', suggesting an initial or early release version. No patches or mitigations have been officially released by SICK AG at the time of publication. The vulnerability was reserved in mid-September 2025 and published in late October 2025. Given the device's role in industrial environments, disruption could affect operational technology (OT) systems. The CVSS v3.1 base score is 5.5, reflecting medium severity due to the impact on availability and the requirement for prior access. No known exploits have been reported in the wild, but the potential for service disruption in critical infrastructure environments is significant.

The primary impact of CVE-2025-59459 is the disruption of availability for the SICK AG TLOC100-100 device, which is likely used in industrial automation and control systems. Persistent denial of service can halt operations that depend on this device, potentially causing production downtime, safety risks, and financial losses. Since the vulnerability affects SSH services, it could also lock out legitimate administrators, complicating recovery efforts. The lack of impact on confidentiality and integrity limits data breach risks but does not reduce the operational impact. Organizations relying on these devices in manufacturing, logistics, or critical infrastructure could face operational interruptions. The requirement for SSH access means that attackers must first bypass perimeter defenses or exploit other vulnerabilities to gain initial access, but once inside, they can cause significant disruption. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Overall, the vulnerability poses a medium risk to organizations with these devices, particularly those with limited network segmentation or weak SSH access controls.

To mitigate CVE-2025-59459, organizations should implement strict SSH access controls, including the use of strong authentication methods such as key-based authentication and disabling password-based logins. Network segmentation should be enforced to restrict SSH access to trusted hosts only, minimizing the attack surface. Monitoring and alerting on unusual resource consumption or service disruptions on the TLOC100-100 devices can provide early warning of exploitation attempts. If possible, limit the number of unprivileged accounts with SSH access and regularly audit these accounts for necessity and activity. Employ rate limiting or connection throttling at the network level to reduce the risk of resource exhaustion attacks. Since no official patch is available, organizations should engage with SICK AG for updates and consider compensating controls such as temporary access restrictions or device isolation during critical operations. Incident response plans should include procedures for recovery from device DoS conditions, including physical access if remote management is lost. Finally, maintain up-to-date inventories of affected devices to prioritize remediation efforts.