CISA Issues Alert on ControlID iDSecure Flaws Enabling Authentication Bypass
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding critical vulnerabilities in ControlID’s iDSecure On-premises software, a widely used vehicle control and access management platform.
The alert, designated ICSA-25-175-05 and released on June 24, 2025, highlights multiple security flaws that could allow attackers to bypass authentication, leak sensitive data, and perform unauthorized operations on affected systems.
Executive Summary
The vulnerabilities identified in ControlID iDSecure On-premises versions 4.7.48.0 and prior are severe; the highest CVSS v4 base score among them is 9.3. (CVSS scores are assigned per vulnerability and are not combined.)
The issues can be exploited remotely with low attack complexity, making them particularly dangerous for organizations relying on this software to control vehicle and personnel access to critical facilities.
The affected sectors include commercial facilities, and the software is deployed globally, with ControlID headquartered in Brazil.
Successful exploitation of these vulnerabilities could enable attackers to bypass authentication mechanisms, retrieve confidential information, leak arbitrary data, and execute malicious SQL commands.
Such actions could lead to unauthorized access, data breaches, and potential disruption of critical operations.
Affected Products
- ControlID iDSecure On-premises: Versions 4.7.48.0 and prior
Vulnerability Overview
The following vulnerabilities have been identified and assigned CVE identifiers:
- Improper Authentication (CVE-2025-49851): This flaw allows an attacker to bypass the authentication procedure and operate with elevated privileges within the system.
- Server-Side Request Forgery (SSRF) (CVE-2025-49852): An attacker can coerce the server into issuing requests to attacker-chosen destinations, including internal systems that are not directly reachable, and obtain information from them.
- SQL Injection (CVE-2025-49853): This flaw allows an attacker to execute arbitrary SQL commands against the backend database, which is the mechanism behind the data leakage and manipulation described above.
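The advisory does not publish the vulnerable code paths, so the following is an added, generic illustration of the two injection outcomes it describes (authentication bypass and arbitrary data leakage) and of the parameterized-query fix. It is not ControlID's code or schema; the `users` table, the credentials and the endpoint functions are constructed for the example, and SQLite stands in for whatever database the product uses.

```python
import sqlite3

# Constructed in-memory database standing in for an access-control backend.
# Table, rows and credentials are invented for this example.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "administrator"), ("gate1", "gatepass", "operator")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Login check that splices user input into the SQL text.

    A username such as  admin' --  closes the string literal and comments out
    the password condition, so the query matches the admin row without the
    password: this is an authentication bypass via SQL injection.
    """
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()  # (username, role) or None


def login_fixed(conn, username: str, password: str):
    """Same check with bound parameters: input is data, never SQL syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def lookup_vulnerable(conn, username: str):
    """Lookup endpoint that also concatenates input.

    A payload such as  x' UNION SELECT username, password FROM users --
    appends a second SELECT with the same column count, so the response
    leaks every stored credential instead of one user's role.
    """
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn, username: str):
    """Parameterized lookup: the UNION payload is just an unmatched username."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    """Run both attacks against the vulnerable and the fixed handlers."""
    conn = make_db()
    bypass = "admin' --"
    leak = "x' UNION SELECT username, password FROM users --"
    return {
        "bypass_vulnerable": login_vulnerable(conn, bypass, "wrong"),
        "bypass_fixed": login_fixed(conn, bypass, "wrong"),
        "leak_vulnerable": sorted(lookup_vulnerable(conn, leak)),
        "leak_fixed": lookup_fixed(conn, leak),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fix is not input filtering but separating code from data: with bound parameters the database driver never interprets the quote or the comment marker as SQL. Note that SQLite's Python binding refuses stacked statements (`'; DROP TABLE ...`), which is why the leakage payload uses UNION; drivers for other databases may allow stacking, which makes the same defect worse.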
The vulnerabilities were discovered and reported by Noam Moshe of Claroty Team82.
ControlID has released version 4.7.50.0, which addresses these vulnerabilities. Organizations are strongly urged to update to that version or later immediately. CISA recommends the following additional defensive measures:
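Deciding which installations need the update is a version-comparison problem, and dotted versions compared as strings get it wrong (the string "4.7.5.0" sorts after "4.7.48.0"). The following added example, not part of the advisory, classifies an inventory of iDSecure instances against the ranges the advisory states: at or below 4.7.48.0 is affected, 4.7.50.0 or later is fixed. Anything in between is reported as "unverified" because the advisory does not name such builds; the inventory entries and hostnames are constructed.

```python
import re
from typing import Iterable, Optional, Tuple

AFFECTED_MAX = "4.7.48.0"  # "Versions 4.7.48.0 and prior" per ICSA-25-175-05
FIXED_MIN = "4.7.50.0"     # fixed release named in the advisory

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Optional[Version]:
    """Parse a dotted numeric version into a 4-tuple of ints.

    Missing trailing components are treated as 0 ("4.7" -> (4, 7, 0, 0)).
    Anything that is not purely numeric (build tags, blanks) returns None
    so the caller can flag it instead of silently misclassifying it.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # type: ignore[return-value]


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'unverified' or 'unknown' for one version."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    if v <= parse_version(AFFECTED_MAX):
        return "affected"
    if v >= parse_version(FIXED_MIN):
        return "fixed"
    # Between the affected range and the fixed release: the advisory says
    # nothing about these builds, so they are not cleared by this check.
    return "unverified"


def triage(inventory: Iterable[Tuple[str, str]]) -> dict:
    """Map each (host, reported_version) pair to its classification."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed inventory; hostnames and versions are invented for the example.
SAMPLE_INVENTORY = [
    ("gate-ctrl-01", "4.7.48.0"),   # upper bound of the affected range
    ("gate-ctrl-02", "4.7.5.0"),    # older build; string comparison would miss it
    ("gate-ctrl-03", "4.7.50.0"),   # the fixed release
    ("gate-ctrl-04", "4.7.49.1"),   # not covered by the advisory's ranges
    ("gate-ctrl-05", "4.7.48.0-beta"),  # non-numeric tag; needs manual review
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Treat "unverified" and "unknown" results as action items rather than as clean: confirm the build with the vendor or upgrade to 4.7.50.0 or later, which is the only state the advisory describes as fixed.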
- Minimize network exposure: Ensure control system devices are not accessible from the internet.
- Implement firewalls: Locate control system networks and remote devices behind firewalls, isolating them from business networks.
- Use secure remote access: When remote access is necessary, employ secure methods such as VPNs, recognizing that a VPN may itself have vulnerabilities, should be kept at the most current version, and is only as secure as the devices connected to it.
- Perform risk assessments: Organizations should conduct thorough impact analysis and risk assessment before deploying defensive measures.
- Monitor for malicious activity: Follow established internal procedures and report any suspicious activity to CISA.
CISA also advises organizations to implement recommended cybersecurity strategies and best practices, available on the ICS webpage at cisa.gov/ics.
This includes guidance on defense-in-depth strategies and targeted intrusion detection.
CISA reminds users to be vigilant against social engineering and phishing attacks. Do not click on links or open attachments in unsolicited emails.
Refer to CISA’s resources on recognizing and avoiding email scams and social engineering attacks for more information.
As of the alert's release, no known public exploitation specifically targeting these vulnerabilities had been reported to CISA. However, the high severity and ease of exploitation make prompt action essential for all affected organizations.
CISA continues to monitor the situation and urges users to stay informed and take proactive steps to protect their critical infrastructure assets.