CVE-2025-40772 — Cross-site Scripting in Siemens Sipass Integrated

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 98.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sipass Integrated

Timeline

PublishedOct 14

Description

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sipass_integrated< V3.0

▶NVDsiemens/sipass_integrated< 3.00

🔴Vulnerability Details

CVEList

CVE-2025-40772: A vulnerability has been identified in SiPass integrated (All versions < V3↗2025-10-14

▶

GHSA

GHSA-r5xc-3549-mggc: A vulnerability has been identified in SiPass integrated (All versions < V3↗2025-10-14

▶