CVE-2025-49153 is a critical vulnerability in MICROSENS NMP Web+ that CISA says could let an unauthenticated attacker overwrite files and execute arbitrary code. The advisory identifies affected products as MICROSENS NMP Web+ versions up to 3.2.5 and recommends updating to version 3.3.0 for Windows and Linux.
CVE-2025-49152 is a HIGH-severity authentication/session-control issue in MICROSENS NMP Web+. According to CISA’s advisory, affected versions contain JSON Web Tokens that do not expire, which can allow an attacker to gain access to the system. MICROSENS recommends updating to NMP Web+ 3.3.0 for Windows and Linux.
CVE-2025-49151 is a critical authentication-bypass issue in MICROSENS NMP Web+. CISA’s advisory says an unauthenticated attacker could generate forged JSON Web Tokens (JWTs) to bypass authentication. The affected product set is MICROSENS NMP Web+ version 3.2.5 and earlier, and MICROSENS recommends upgrading to version 3.3.0 for Windows and Linux.