CVE-2025-40773
published 2025-10-14CVE-2025-40773: A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability…
medium5.1CVSS 4.0
AVAACLATNPRLUINVCNVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.
Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sipass_integrated | < V3.0 | V3.0 |
| siemens | sipass_integrated | < 3.00 | 3.00 |