Detections
Analytics
Control iD iDSecure Improper Authentication (CVE-2025-49851)
critical Nessus Plugin ID 310722
Synopsis
An access management application is affected by an improper authentication vulnerability.Description
The Control iD iDSecure running on the remote host is affected by an improper authentication vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to bypass authentication and gain permissions in the product.Solution
iDSecure v4.7.50.0 or later is known to be mitigated.See Also
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05
Plugin Details
Severity: Critical
ID: 310722
File Name: control_id_idsecure_improper_auth.nbin
Version: 1.1
Type: Remote
Family: SCADA
Published: 4/28/2026
Updated: 4/28/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-49851
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:assaabloy:control_id_idsecure
Required KB Items: installed_sw/Control iD iDSecure
Exploited by Nessus: true
Patch Publication Date: 6/24/2025
Vulnerability Publication Date: 6/24/2025
Reference Information
CVE: CVE-2025-49851
ICSA: 25-175-05