- Description
- A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).
- Source
- productcert@siemens.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- productcert@siemens.com
- CWE-22
- Hype score
- Not currently trending
[CVE-2025-40738: HIGH] Critical security flaw in SINEC NMS < V4.0 allows attackers to write files to restricted areas & potentially run code with elevated permissions (ZDI-CAN-26572). #cve, CVE-2025-40738, #cybersecurity https://t.co/D5X1GEXkOf https://t.co/oLHgCzz9O3
@CveFindCom
8 Jul 2025
CVE-2025-40738 A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP fi… https://t.co/lZby99nrlp
@CVEnew
8 Jul 2025