Critical Vulnerability in Microsens Devices Exposes Systems to Hackers
A series of critical vulnerabilities has been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial and critical manufacturing environments, putting thousands of organizations worldwide at significant risk of cyberattack.
The flaws, reported by security researchers Tomer Goldschmidt and Noam Moshe of Claroty Team82 and coordinated with the German BSI CERT-Bund, have prompted urgent warnings from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Three Severe Vulnerabilities Identified
The vulnerabilities affect NMP Web+ versions 3.2.5 and earlier on both Windows and Linux platforms. They are cataloged as:
CVE ID | Vulnerability Name | CVSS v3 Base Score | CVSS v4 Base Score |
---|---|---|---|
CVE-2025-49151 | Use of Hard-coded, Security-relevant Constants | 9.1 | 9.3 |
CVE-2025-49152 | Insufficient Session Expiration | 7.5 | 8.7 |
CVE-2025-49153 | Improper Limitation of a Pathname to a Restricted Directory | 9.8 | 9.3 |
- CVE-2025-49151 (CVSS v4 9.3): The use of a hard-coded JWT secret ...
Copyright of this story solely belongs to gbhackers.