CVE-2025-40744Improper Certificate Validation in Siemens Solid Edge Se2025

CWE-295Improper Certificate Validation3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.0%
top 94.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Solid Edge Se2025
Timeline
PublishedNov 11

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5siemens/solid_edge_se2025< V225.0 Update 11

🔴Vulnerability Details

2
CVEList
CVE-2025-40744: A vulnerability has been identified in Solid Edge SE2025 (All versions < V2252025-11-11
GHSA
GHSA-8mjq-6f3x-gxxr: A vulnerability has been identified in Solid Edge SE2025 (All versions < V2252025-11-11
CVE-2025-40744 — Improper Certificate Validation | cvebase