CVE-2026-25654Authorization Bypass Through User-Controlled Key in Siemens Sinec NMS

CWE-639Authorization Bypass Through User-Controlled Key4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.0%
top 86.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedApr 14

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5siemens/sinec_nms< V4.0 SP3

🔴Vulnerability Details

2
CVEList
CVE-2026-25654: A vulnerability has been identified in SINEC NMS (All versions < V42026-04-14
GHSA
GHSA-qw84-4pc7-fxvw: A vulnerability has been identified in SINEC NMS (All versions < V42026-04-14
CVE-2026-25654 — Siemens Sinec NMS vulnerability | cvebase