CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-40755

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://cert-portal.siemens.com/productcert/html/ssa-318832.html

Products affected by CVE-2025-40755

Siemens » Sinec Nms » Version: N/A

cpe:2.3:a:siemens:sinec_nms:-
Siemens » Sinec Nms » Version: 1.0

cpe:2.3:a:siemens:sinec_nms:1.0
Siemens » Sinec Nms » Version: 1.0.3

cpe:2.3:a:siemens:sinec_nms:1.0.3
Siemens » Sinec Nms » Version: 2.0

cpe:2.3:a:siemens:sinec_nms:2.0
Siemens » Sinec Nms » Version: 3.0

cpe:2.3:a:siemens:sinec_nms:3.0
Siemens » Sinec Nms » Version: 4.0

cpe:2.3:a:siemens:sinec_nms:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-40755

Products

Pricing

Contact Us