PatchSiren

CVE-2025-49153 MICROSENS CVE debrief

CVE-2025-49153 is a critical vulnerability in MICROSENS NMP Web+ that CISA says could let an unauthenticated attacker overwrite files and execute arbitrary code. The advisory identifies affected products as MICROSENS NMP Web+ versions up to 3.2.5 and recommends updating to version 3.3.0 for Windows and Linux.

Vendor: MICROSENS
Product: NMP Web+
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-24
Original CVE updated: 2025-06-24
Advisory published: 2025-06-24
Advisory updated: 2025-06-24

Who should care

Organizations that operate or administer MICROSENS NMP Web+ deployments, especially OT/ICS environments and any Windows or Linux systems running affected versions up to 3.2.5.

Technical summary

The CISA CSAF advisory for ICSA-25-175-07 describes a network-reachable issue in MICROSENS NMP Web+ with no authentication required. The stated impact is file overwrite followed by arbitrary code execution, and the provided CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting a critical 9.8 severity. The affected product entry in the advisory is MICROSENS NMP Web+ <=3.2.5, and the remediation is to update to version 3.3.0.

Defensive priority

Highest. This is a critical, unauthenticated remote-code-execution class issue in an ICS-related product. Prioritize patching affected systems and reducing exposure until remediation is complete.

Recommended defensive actions

  • Update MICROSENS NMP Web+ to version 3.3.0 for Windows and Linux as recommended by MICROSENS.
  • Inventory deployments to identify any instances running MICROSENS NMP Web+ version 3.2.5 or earlier.
  • Restrict network access to management interfaces until remediation is verified.
  • Monitor affected hosts for unexpected file changes or signs of unauthorized code execution.
  • Apply standard ICS defensive practices and validate backups before making changes.
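The inventory step above can be sketched as a small triage script. This is an added example, not code from the advisory or from MICROSENS. The inventory rows are constructed, the hostnames are hypothetical, and how each installed version is collected is left to your asset tooling. It treats versions between 3.2.5 and 3.3.0, and anything unparseable, as needing manual review rather than assuming they are safe.

```python
import re

AFFECTED_MAX = (3, 2, 5)  # advisory: NMP Web+ <= 3.2.5 is affected
FIXED_MIN = (3, 3, 0)     # advisory: remediation is to update to 3.3.0

# Constructed sample inventory: (host, platform, reported version).
# Hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("nmp-plant-a", "windows", "3.2.5"),
    ("nmp-plant-b", "linux", "3.3.0"),
    ("nmp-lab-01", "linux", "3.10.1"),   # string comparison would misorder this
    ("nmp-dr-site", "windows", "v3.1"),
    ("nmp-legacy", "windows", "3.2.6"),  # neither listed as affected nor at the fix
    ("nmp-unknown", "linux", "unknown"),
]

def parse_version(text):
    """Return a 3-tuple of ints, or None if text is not a dotted version."""
    m = re.fullmatch(r"[vV]?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None
    # Missing minor/patch components are treated as 0 (e.g. "3.1" -> 3.1.0).
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version_text):
    """Map a reported version to AFFECTED, FIXED or REVIEW."""
    v = parse_version(version_text)
    if v is None:
        return "REVIEW"      # cannot prove it is patched
    if v <= AFFECTED_MAX:    # numeric tuple comparison, not string order
        return "AFFECTED"
    if v >= FIXED_MIN:
        return "FIXED"
    return "REVIEW"          # between 3.2.5 and 3.3.0: verify by hand

def triage(inventory):
    """Return rows with a status column, most urgent first."""
    order = {"AFFECTED": 0, "REVIEW": 1, "FIXED": 2}
    rows = [(h, p, ver, classify(ver)) for h, p, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[3]], r[0]))

if __name__ == "__main__":
    for host, platform, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{status:<9} {host:<12} {platform:<8} {ver}")
```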

Evidence notes

All core claims are taken from the CISA CSAF advisory ICSA-25-175-07 and its referenced official materials. The advisory states that the affected product is MICROSENS NMP Web+ <=3.2.5, that an unauthenticated attacker could overwrite files and execute arbitrary code, that the CVSS score is 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and that the remediation is to update to 3.3.0 for Windows and Linux. Public disclosure in the supplied corpus is dated 2025-06-24 UTC.

Official resources

Publicly disclosed by CISA on 2025-06-24 UTC in advisory ICSA-25-175-07.