CVE-2025-40765
published 2025-10-14


Priority P259 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% (39.5th percentile)
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to log in to and perform authenticated operations of the database service.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | telecontrol_server_basic | | |
| siemens | telecontrol_server_basic_v3.1 | >= V3.1.2.2 < V3.1.2.3 | V3.1.2.3 |

Detection & IOCs (extracted from sources)

port 8000
  • Monitor for unauthenticated remote connections to the TeleControl Server Basic database service on port 8000, which may indicate exploitation attempts to retrieve password hashes or perform unauthorized database operations.
  • Alert on any external or untrusted IP addresses communicating with port 8000 on TeleControl Server Basic V3.1 systems (versions >= V3.1.2.2 < V3.1.2.3), as the vulnerability is exploitable remotely with low attack complexity and no authentication required.
  • The vulnerability (CWE-306: Missing Authentication for Critical Function) affects only TeleControl Server Basic V3.1 versions >= V3.1.2.2 and < V3.1.2.3. Systems outside this version range are not affected by this specific CVE.
  • No public exploit has been reported for this vulnerability at the time of advisory publication, but the CVSS v3.1 score is 9.8 (Critical) and CVSS v4 score is 9.3, indicating high exploitability if exposed.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 9.3 · CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X