PatchSiren cyber security CVE debrief

CVE-2025-49852 ControlID CVE debrief

CVE-2025-49852 is a high-severity server-side request forgery (SSRF) issue in ControlID iDSecure On-premises versions 4.7.48.0 and earlier. According to the CISA advisory, an unauthenticated attacker could use the issue to retrieve information from other servers. ControlID states the fix is available in version 4.7.50.0.

Vendor: ControlID
Product: iDSecure On-premises
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-24
Original CVE updated: 2025-06-24
Advisory published: 2025-06-24
Advisory updated: 2025-06-24

Who should care

Organizations running ControlID iDSecure On-premises, especially administrators responsible for physical security, access control, or other operational technology environments where the product is deployed.

Technical summary

CISA describes the flaw as an SSRF vulnerability affecting ControlID iDSecure On-premises <= 4.7.48.0. The vulnerability is network reachable, requires no authentication, and is rated CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating strong confidentiality impact without stated integrity or availability impact. The advisory notes that an attacker may be able to retrieve information from other servers through the affected application.

Defensive priority

High. The issue is unauthenticated, network exploitable, and can expose information from other servers. Prioritize patching exposed or operationally critical instances.

Recommended defensive actions

  • Upgrade ControlID iDSecure On-premises to version 4.7.50.0 or later as provided by the vendor.
  • Identify all deployments of iDSecure On-premises and verify whether any instance is running 4.7.48.0 or earlier.
  • Review network access to the application and restrict exposure where possible until remediation is complete.
  • Monitor logs and outbound requests for unusual server-to-server access patterns that could indicate SSRF abuse.
  • Use CISA industrial control system defensive guidance as a reference for hardening and incident response planning.
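The two actions a defender can script are the inventory check (which instances still sit at 4.7.48.0 or earlier) and the egress review (which outbound connections from iDSecure hosts go somewhere they normally should not). The block below is an added example, not code from PatchSiren, CISA or ControlID; it assumes an inventory of host-to-version strings and an egress log in a constructed "timestamp src_host dst_host dst_ip" layout, with placeholder hostnames and allowlist entries.

```python
# Added example, not from the advisory or the vendor: triage helpers for CVE-2025-49852.
# Assumptions: an inventory mapping iDSecure On-premises host -> version string, and egress
# (proxy/firewall) logs in a constructed "timestamp src_host dst_host dst_ip" format.
import ipaddress
LAST_AFFECTED = (4, 7, 48, 0)  # "4.7.48.0 and prior" per ICSA-25-175-05; the fix is 4.7.50.0

def parse_version(v: str) -> tuple:
    """Turn '4.7.48' or '4.7.48.0' into a 4-tuple so comparison is numeric, not lexical."""
    parts = [int(p) for p in v.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version: str) -> bool:
    """True when the instance falls inside the advisory's affected range (<= 4.7.48.0)."""
    return parse_version(version) <= LAST_AFFECTED

def triage_inventory(inventory: dict) -> list:
    """Hosts still needing the 4.7.50.0 upgrade, sorted for the remediation ticket."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

def suspicious_egress(lines, idsecure_hosts: set, allowed: set) -> list:
    """Flag outbound connections from iDSecure hosts to destinations outside the allowlist;
    non-public targets are reviewed first, since the stated impact is reading other servers."""
    hits = []
    for line in lines:
        ts, src, dst_host, dst_ip = line.split()
        if src in idsecure_hosts and dst_host not in allowed:
            public = ipaddress.ip_address(dst_ip).is_global
            hits.append((ts, src, dst_host, "unexpected-public" if public else "non-public-target"))
    return hits

# Constructed sample data so the block runs stand-alone; hostnames and allowlist are placeholders.
INVENTORY = {"idsecure-hq": "4.7.48.0", "idsecure-plant2": "4.7.50.0", "idsecure-lab": "4.7.31"}
ALLOWED = {"ntp.example.internal", "update.vendor.example"}
EGRESS = [
    "2025-06-25T08:00:01 idsecure-hq ntp.example.internal 10.0.0.5",
    "2025-06-25T08:00:07 idsecure-hq hr-db.example.internal 10.0.20.14",
    "2025-06-25T08:00:09 idsecure-hq cdn.example.net 8.8.8.8",
    "2025-06-25T08:00:12 idsecure-plant2 update.vendor.example 203.0.113.10",
]

if __name__ == "__main__":
    print("needs upgrade:", triage_inventory(INVENTORY))
    for hit in suspicious_egress(EGRESS, set(INVENTORY), ALLOWED):
        print("review:", hit)
```

Feed the real inventory and egress source in place of the constructed samples; the allowlist should be the set of destinations the appliance legitimately contacts, and anything else it reaches is worth a ticket.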

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-175-05 and its referenced remediation guidance. The advisory states that ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SSRF and that unauthenticated attackers may retrieve information from other servers. The vendor remediation listed in the advisory is version 4.7.50.0. Dates used here reflect the advisory and CVE publication timestamps provided in the source corpus (2025-06-24).

Official resources

Publicly disclosed by CISA on 2025-06-24 via advisory ICSA-25-175-05; initial publication on the same date.