PatchSiren

CVE-2025-49151 Microsens CVE debrief

CVE-2025-49151 is a critical authentication-bypass issue in MICROSENS NMP Web+. CISA’s advisory says an unauthenticated attacker could generate forged JSON Web Tokens (JWTs) to bypass authentication. The affected product set is MICROSENS NMP Web+ version 3.2.5 and earlier, and MICROSENS recommends upgrading to version 3.3.0 for Windows and Linux.

Vendor: Microsens
Product: NMP Web+
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-24
Original CVE updated: 2025-06-24
Advisory published: 2025-06-24
Advisory updated: 2025-06-24

Who should care

MICROSENS NMP Web+ administrators, OT/ICS operators, and security teams responsible for the product’s web management environment, especially where version 3.2.5 or earlier is deployed.

Technical summary

The CISA CSAF advisory (ICSA-25-175-07) describes a network-reachable authentication bypass in MICROSENS NMP Web+ caused by forged JWTs. The affected product entry is MICROSENS NMP Web+: <=3.2.5. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, which corresponds to a 9.1 critical severity. Remediation in the advisory points to MICROSENS NMP Web+ version 3.3.0 for Windows and Linux.

Defensive priority

Immediate. The issue requires no privileges or user interaction and can lead to authentication bypass, so affected systems should be prioritized for urgent upgrade and temporary access restriction until patched.

Recommended defensive actions

  • Upgrade MICROSENS NMP Web+ to version 3.3.0 for Windows and Linux, as recommended in the advisory.
  • Identify every deployment running MICROSENS NMP Web+ version 3.2.5 or earlier and confirm whether the management interface is exposed beyond trusted admin networks.
  • Restrict access to the NMP Web+ interface to trusted administrative paths only until remediation is complete.
  • Review authentication and administrative activity for unexpected successful sessions or configuration changes around the advisory period.
  • Apply CISA industrial control system recommended practices and defense-in-depth guidance to reduce exposure of management services.

Evidence notes

The supplied CISA CSAF source (ICSA-25-175-07) states: affected product MICROSENS NMP Web+: <=3.2.5; vulnerability impact: unauthenticated attackers could generate forged JWTs to bypass authentication; remediation: update to NMP Web+ 3.3.0 for Windows and Linux. The advisory was initially published on 2025-06-24 with no later revision present in the supplied corpus.

Official resources

CISA published ICSA-25-175-07 / CVE-2025-49151 on 2025-06-24 (initial publication); the supplied corpus shows no later advisory revision.