CVE-2025-40737

CWE-22 Path Traversal (3 documents, 3 sources)
Severity: 8.7 HIGH
EPSS: 0.4% (top 38.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: siemens/sinec_nms < V4.0

Vulnerability Details (2)

GHSA [2025-07-08]
GHSA-fg27-6v6q-r3w4: A vulnerability has been identified in SINEC NMS (All versions < V4
CVEList [2025-07-08]
CVE-2025-40737: A vulnerability has been identified in SINEC NMS (All versions < V4