cbcvebase.
CVE-2025-40805
published 2026-01-13


Priority: P2 78 | critical 10 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.60% (44.3th percentile)

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.

Affected

81 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | industrial_edge_cloud_device | < V1.24.2 | V1.24.2 |
| siemens | industrial_edge_device_kit_arm64_v1.10 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.11 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.12 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.13 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.14 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.15 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.16 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.17 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.18 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.19 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.20 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.21 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.22 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.23 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.24 | < V1.24.2 | V1.24.2 |
| siemens | industrial_edge_device_kit_arm64_v1.25 | < V1.25.1 | V1.25.1 |
| siemens | industrial_edge_device_kit_arm64_v1.5 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.6 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.7 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.8 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.9 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.10 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.11 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.12 | < * | * |

Detection & IOCs (extracted from sources)

  • The vulnerability targets specific API endpoints that do not properly enforce user authentication — monitor for unauthenticated requests to API endpoints on Siemens Industrial Edge devices, especially those that succeed without valid credentials
  • Exploitation is classified as Authorization Bypass Through User-Controlled Key (CWE-639) — look for API requests where a user identity/key is supplied in the request without a corresponding valid authentication token or session
  • Successful exploitation requires the attacker to know a legitimate username — monitor for reconnaissance activity (e.g., user enumeration attempts) against Industrial Edge device management interfaces prior to API abuse
  • The attack vector is network-based with no privileges required and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) — alert on unauthenticated remote connections to management APIs of affected Siemens Industrial Edge devices from untrusted network segments
  • The specific API endpoint paths that are improperly authenticated are not disclosed in the available advisories — detection rules cannot target specific URL paths without further vendor technical detail

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |