DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application.
References
| Link | Resource |
|---|---|
| https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md | Third Party Advisory |
| https://info.dwyeromega.com/brands | Product |
| https://isensix.com/guardian/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
29 Jan 2026, 01:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md - Third Party Advisory | |
| References | () https://info.dwyeromega.com/brands - Product | |
| References | () https://isensix.com/guardian/ - Product | |
| CPE | cpe:2.3:o:dwyeromega:isensix_advanced_remote_monitoring_system_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dwyeromega:isensix_advanced_remote_monitoring_system:-:*:*:*:*:*:*:* |
|
| First Time |
Dwyeromega
Dwyeromega isensix Advanced Remote Monitoring System Dwyeromega isensix Advanced Remote Monitoring System Firmware |
06 Jan 2026, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-89 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
06 Jan 2026, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-06 16:15
Updated : 2026-01-29 01:41
NVD link : CVE-2025-59379
Mitre link : CVE-2025-59379
CVE.ORG link : CVE-2025-59379
JSON object : View
Products Affected
dwyeromega
- isensix_advanced_remote_monitoring_system
- isensix_advanced_remote_monitoring_system_firmware
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')