CVE-2025-49852 is a high-severity server-side request forgery (SSRF) issue in ControlID iDSecure On-premises versions 4.7.48.0 and earlier. According to the CISA advisory, an unauthenticated attacker could use the issue to retrieve information from other servers. ControlID states the fix is available in version 4.7.50.0.
CVE-2025-49851 is a high-severity improper authentication issue affecting ControlID iDSecure On-premises versions 4.7.48.0 and prior. According to CISA’s advisory, the flaw could allow an attacker to bypass authentication and gain permissions in the product. ControlID states that version 4.7.50.0 is the fixed release.
