MICROSENS NMP Web+ Bugs Allow Unauthenticated Code Execution

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory (ICSA-25-175-07) regarding three severe vulnerabilities in MICROSENS NMP Web+ network management software.

These flaws, discovered by Claroty Team82 researchers and coordinated with Germany’s BSI CERT-Bund, enable unauthenticated attackers to bypass authentication, maintain persistent access, and execute arbitrary code on affected systems.

The vulnerabilities impact NMP Web+ versions 3.2.5 and earlier on both Windows and Linux platforms, posing significant risks to critical infrastructure sectors globally.

Technical Vulnerability Breakdown

Three critical CVEs compromise the platform’s security:

• CVE-2025-49151 (CVSS 9.1 Critical): A hardcoded JSON Web Token (JWT) secret enables attackers to forge authentication tokens and bypass security controls.
• CVE-2025-49152 (CVSS 7.5 High): JWTs with no expiration allow indefinite system access if compromised.
• CVE-2025-49153 (CVSS 9.8 Critical): Path traversal flaws permit unauthenticated attackers to overwrite files and execute arbitrary code.

Researchers warn that these vulnerabilities can be chained: attackers first exploit CVE-2025-49151 to gain valid tokens, then leverage CVE-2025-49153 for remote code execution, achieving “zero to hero” system control.

Industrial systems using NMP Web+ for network device management are particularly vulnerable, especially those exposed to the internet.

Mitigation and Patching Requirements

MICROSENS has released NMP Web+ Version 3.3.0 for Windows and Linux to address all vulnerabilities.

CISA mandates immediate installation of this update and recommends additional defensive measures:

• Network Segmentation: Isolate control systems behind firewalls and restrict internet accessibility.
• Access Control: Implement VPNs with strict authentication protocols for remote access.
• Session Management: Invalidate all existing JWTs after patching.

Organizations should monitor access logs for suspicious activity and apply cybersecurity best practices outlined in CISA’s Defense-in-Depth Strategies.

As of July 1, 2025, no active exploits have been reported, but exposed systems remain high-risk targets.

Global Industrial Security Implications

These vulnerabilities affect critical manufacturing sectors worldwide, with MICROSENS headquarters based in Germany.

The flaws highlight systemic risks in industrial control systems (ICS), where unpatched network management tools can serve as entry points for sophisticated attacks.

Security researchers emphasize that while patching is urgent, long-term security requires continuous vulnerability assessments and adherence to frameworks like CISA’s ICS-TIP-12-146-01B intrusion detection guidelines.

Organizations using MICROSENS devices must prioritize this update to prevent potential operational disruption and system compromise.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates