- Description: A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).
- Source: productcert@siemens.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- productcert@siemens.com: CWE-22
- Hype score: Not currently trending
[CVE-2025-40737: HIGH] Critical cyber security alert: Vulnerability in SINEC NMS (All versions < V4.0) allows attackers to write files in restricted areas, posing a high-risk threat.#cve,CVE-2025-40737,#cybersecurity https://t.co/AaBjLrmuvf https://t.co/ZRIPAYoY7i
@CveFindCom
8 Jul 2025
CVE-2025-40737 A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP fi… https://t.co/qEFclUggL5
@CVEnew
8 Jul 2025