CVE-2025-40755
published 2025-10-14CVE-2025-40755: A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through…
high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinec_nms | < V4.0 SP1 | V4.0 SP1 |
| siemens | sinec_nms | < 4.0 | 4.0 |
| siemens | sinec_nms | — | — |