Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3251 vulnerabilities reference this CWE, most recent first.

CVE-2025-41094 (GCVE-0-2025-41094)

Vulnerability from cvelistv5 – Published: 2025-09-30 11:14 – Updated: 2025-09-30 19:24
VLAI
Title
Insecure Direct Object Reference in GPS BOLD Workplanner
Summary
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contract details using unauthorised internal identifiers.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Credits
Ángel González
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:23:59.180578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:24:40.970Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BOLD Workplanner",
          "vendor": "GLOBAL PLANNING SOLUTIONS S.L (GPS)",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.24"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c1ngel Gonz\u00e1lez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (\u003ci\u003e4935b438f9b\u003c/i\u003e), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u0026nbsp;access to functional\u0026nbsp;contract details using unauthorised internal identifiers.\u003cbr\u003e"
            }
          ],
          "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u00a0access to functional\u00a0contract details using unauthorised internal identifiers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T11:14:33.108Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference in GPS BOLD Workplanner",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41094",
    "datePublished": "2025-09-30T11:14:33.108Z",
    "dateReserved": "2025-04-16T09:09:36.725Z",
    "dateUpdated": "2025-09-30T19:24:40.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41093 (GCVE-0-2025-41093)

Vulnerability from cvelistv5 – Published: 2025-09-30 11:13 – Updated: 2025-09-30 19:22
VLAI
Title
Insecure Direct Object Reference in GPS BOLD Workplanner
Summary
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract details using unauthorised internal identifiers.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Credits
Ángel González
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:22:30.097376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:22:52.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BOLD Workplanner",
          "vendor": "GLOBAL PLANNING SOLUTIONS S.L (GPS)",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.24"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c1ngel Gonz\u00e1lez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (\u003ci\u003e4935b438f9b\u003c/i\u003e), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u0026nbsp;access to\u0026nbsp;basic contract details using unauthorised internal identifiers.\u003cbr\u003e"
            }
          ],
          "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u00a0access to\u00a0basic contract details using unauthorised internal identifiers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T11:13:48.555Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference in GPS BOLD Workplanner",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41093",
    "datePublished": "2025-09-30T11:13:48.555Z",
    "dateReserved": "2025-04-16T09:09:36.724Z",
    "dateUpdated": "2025-09-30T19:22:52.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41092 (GCVE-0-2025-41092)

Vulnerability from cvelistv5 – Published: 2025-09-30 11:12 – Updated: 2025-09-30 19:21
VLAI
Title
Insecure Direct Object Reference in GPS BOLD Workplanner
Summary
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Credits
Ángel González
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41092",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:19:51.735498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:21:12.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BOLD Workplanner",
          "vendor": "GLOBAL PLANNING SOLUTIONS S.L (GPS)",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.24"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c1ngel Gonz\u00e1lez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (\u003ci\u003e4935b438f9b\u003c/i\u003e), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u0026nbsp;access to time records details using unauthorised internal identifiers.\u003cbr\u003e"
            }
          ],
          "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u00a0access to time records details using unauthorised internal identifiers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T11:12:59.221Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference in GPS BOLD Workplanner",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41092",
    "datePublished": "2025-09-30T11:12:59.221Z",
    "dateReserved": "2025-04-16T09:09:36.724Z",
    "dateUpdated": "2025-09-30T19:21:12.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41091 (GCVE-0-2025-41091)

Vulnerability from cvelistv5 – Published: 2025-09-30 11:10 – Updated: 2025-09-30 19:18
VLAI
Title
Insecure Direct Object Reference in GPS BOLD Workplanner
Summary
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Credits
Ángel González
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:18:08.337566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:18:22.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BOLD Workplanner",
          "vendor": "GLOBAL PLANNING SOLUTIONS S.L (GPS)",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.24"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u00c1ngel Gonz\u00e1lez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (\u003ci\u003e4935b438f9b\u003c/i\u003e), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u0026nbsp;access to calendar details using unauthorised internal identifiers.\u003cbr\u003e"
            }
          ],
          "value": "Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to\u00a0access to calendar details using unauthorised internal identifiers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T11:10:49.088Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Direct Object Reference in GPS BOLD Workplanner",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41091",
    "datePublished": "2025-09-30T11:10:49.088Z",
    "dateReserved": "2025-04-16T09:09:36.724Z",
    "dateUpdated": "2025-09-30T19:18:22.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41086 (GCVE-0-2025-41086)

Vulnerability from cvelistv5 – Published: 2025-12-02 13:22 – Updated: 2025-12-02 14:24
VLAI
Title
Authorization bypass in GAMS from GAMS Development Corp.
Summary
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
AMS Development Corp. GAMS Affected: 0 , ≤ 49.6.0 (custom)
Create a notification for this product.
Date Public
2025-11-28 11:00
Credits
Juan Embid Sánchez Francisco Guerrero Gallardo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T14:24:13.177532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T14:24:21.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GAMS",
          "vendor": "AMS Development Corp.",
          "versions": [
            {
              "lessThanOrEqual": "49.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ams_development_corp.:gams:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "49.6.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juan Embid S\u00e1nchez"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Francisco Guerrero Gallardo"
        }
      ],
      "datePublic": "2025-11-28T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS\u0027s mathematical models and commercial solvers."
            }
          ],
          "value": "Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS\u0027s mathematical models and commercial solvers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T13:22:23.415Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-gams-gams-development-corp"
        },
        {
          "tags": [
            "patch",
            "release-notes"
          ],
          "url": "https://www.gams.com/latest/docs/RN_51.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed in GAMS version 51."
            }
          ],
          "value": "The vulnerability has been fixed in GAMS version 51."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authorization bypass in GAMS from GAMS Development Corp.",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41086",
    "datePublished": "2025-12-02T13:22:23.415Z",
    "dateReserved": "2025-04-16T09:09:36.724Z",
    "dateUpdated": "2025-12-02T14:24:21.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41077 (GCVE-0-2025-41077)

Vulnerability from cvelistv5 – Published: 2026-01-12 14:54 – Updated: 2026-01-12 16:23
VLAI
Title
Multiple vulnerabilities in Viafirma products
Summary
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Viafirma Inbox Affected: v4.5.13
Create a notification for this product.
Date Public
2026-01-12 14:43
Credits
Carlos Aguadé Cabañas
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41077",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T15:27:46.505603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T16:23:22.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Inbox",
          "vendor": "Viafirma",
          "versions": [
            {
              "status": "affected",
              "version": "v4.5.13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Aguad\u00e9 Caba\u00f1as"
        }
      ],
      "datePublic": "2026-01-12T14:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user\u0027s email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions."
            }
          ],
          "value": "IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user\u0027s email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-12T15:01:43.953Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed in Viafirma Inbox v4.5.27.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been fixed in Viafirma Inbox v4.5.27."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in Viafirma products",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41077",
    "datePublished": "2026-01-12T14:54:51.852Z",
    "dateReserved": "2025-04-16T09:09:35.597Z",
    "dateUpdated": "2026-01-12T16:23:22.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41069 (GCVE-0-2025-41069)

Vulnerability from cvelistv5 – Published: 2025-11-13 13:23 – Updated: 2025-11-13 13:57
VLAI
Title
Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite
Summary
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/obtenerDatosConsentimientos’, which could lead to the exposure or alteration os confidential data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
T-Innova DeporSite DSuite 2025 Affected: v02.14.1115
Create a notification for this product.
Date Public
2025-11-13 12:14
Credits
Pau Valls Peleteiro
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-13T13:57:16.837424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-13T13:57:22.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DSuite 2025",
          "vendor": "T-Innova DeporSite",
          "versions": [
            {
              "status": "affected",
              "version": "v02.14.1115"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pau Valls Peleteiro"
        }
      ],
      "datePublic": "2025-11-13T12:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the \u0027idUsuario\u0027 parameter in \u2018/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/obtenerDatosConsentimientos\u2019, which could lead to the exposure or alteration os confidential data."
            }
          ],
          "value": "Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the \u0027idUsuario\u0027 parameter in \u2018/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/obtenerDatosConsentimientos\u2019, which could lead to the exposure or alteration os confidential data."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-13T13:23:30.279Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-references-idor-deporsite-t-innova-deporsite"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The manufacturer T-INNOVA assures that the vulnerability is not present in version DSuite 2025 v02.14.1115.\u003cbr\u003e"
            }
          ],
          "value": "The manufacturer T-INNOVA assures that the vulnerability is not present in version DSuite 2025 v02.14.1115."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41069",
    "datePublished": "2025-11-13T13:23:18.794Z",
    "dateReserved": "2025-04-16T09:09:34.458Z",
    "dateUpdated": "2025-11-13T13:57:22.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41020 (GCVE-0-2025-41020)

Vulnerability from cvelistv5 – Published: 2025-10-16 07:59 – Updated: 2025-10-16 15:36
VLAI
Title
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito
Summary
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Sergestec Exito Affected: 8.0
Create a notification for this product.
Date Public
2025-10-14 10:00
Credits
Ignacio Aldarabi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T13:31:42.822409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T15:36:50.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Exito",
          "vendor": "Sergestec",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ignacio Aldarabi"
        }
      ],
      "datePublic": "2025-10-14T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure direct object reference (IDOR) vulnerability in Sergestec\u0027s Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the \u0027id\u0027 parameter in \u0027/admin/ticket_a4.php\u0027."
            }
          ],
          "value": "Insecure direct object reference (IDOR) vulnerability in Sergestec\u0027s Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the \u0027id\u0027 parameter in \u0027/admin/ticket_a4.php\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T07:59:06.798Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sergestec-products"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure direct object reference (IDOR) vulnerability in Sergestec\u0027s Exito",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41020",
    "datePublished": "2025-10-16T07:59:06.798Z",
    "dateReserved": "2025-04-16T09:09:25.290Z",
    "dateUpdated": "2025-10-16T15:36:50.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40805 (GCVE-0-2025-40805)

Vulnerability from cvelistv5 – Published: 2026-01-13 09:44 – Updated: 2026-05-12 08:20
VLAI
Summary
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Siemens Industrial Edge Cloud Device (IECD) Affected: 0 , < V1.24.2 (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.10 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.11 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.13 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.14 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.15 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.16 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.17 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.18 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.19 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.20 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.21 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.22 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.23 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.24 Affected: 0 , < V1.24.2 (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.25 Affected: 0 , < V1.25.1 (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.5 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.6 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.8 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - arm64 V1.9 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.10 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.11 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.13 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.14 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.15 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.16 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.17 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.18 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.19 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.20 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.21 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.22 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.23 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.24 Affected: 0 , < V1.24.2 (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.25 Affected: 0 , < V1.25.1 (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.5 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.6 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.7 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.8 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Device Kit - x86-64 V1.9 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens Industrial Edge Own Device (IEOD) Affected: 0 , < V1.24.2 (custom)
Create a notification for this product.
Siemens Industrial Edge Virtual Device (IEVD) Affected: 0 , < V1.24.2 (custom)
Create a notification for this product.
Siemens SCALANCE LPE9413 Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SCALANCE LPE9433 Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC Automation Workstation 19" Affected: 0 , < V1.3 (custom)
Create a notification for this product.
Siemens SIMATIC Automation Workstation 24" Affected: 0 , < V1.3 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000, Unified Comfort Panel neutral Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700, Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC IOT2050 Affected: 0 , < V1.25.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC BX-39A Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC BX-59A Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC127E Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC227E Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC227G Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC427E Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIMATIC IPC847E Industrial Edge Device Affected: 0 , < V3.1 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP1000 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP1200 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP700 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T17:37:11.802050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T17:37:40.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Cloud Device (IECD)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.10",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.11",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.13",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.14",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.15",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.20",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.21",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.22",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.23",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.24",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.25",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - arm64 V1.9",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.10",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.11",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.13",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.14",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.15",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.20",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.21",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.22",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.23",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.24",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.25",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Device Kit - x86-64 V1.9",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Own Device (IEOD)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Virtual Device (IEVD)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE LPE9413",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE LPE9433",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Automation Workstation 19\"",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Automation Workstation 24\"",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000, Unified Comfort Panel neutral",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700\u00a0Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700, Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IOT2050",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-39A Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC BX-59A Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC127E Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227E Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC227G Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC427E Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC847E Industrial Edge Device",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP1000 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP1200 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP700 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:20:44.842Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-014678.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-001536.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40805",
    "datePublished": "2026-01-13T09:44:03.338Z",
    "dateReserved": "2025-04-16T08:50:26.973Z",
    "dateUpdated": "2026-05-12T08:20:44.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40773 (GCVE-0-2025-40773)

Vulnerability from cvelistv5 – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:00
VLAI
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Siemens SiPass integrated Affected: 0 , < V3.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T19:00:31.582611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T19:00:40.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SiPass integrated",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.\r\n\r\nSuccessful exploitation allows an attacker to potentially manipulate data belonging to other users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:15:19.971Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40773",
    "datePublished": "2025-10-14T09:15:19.971Z",
    "dateReserved": "2025-04-16T08:39:30.033Z",
    "dateUpdated": "2025-10-14T19:00:40.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.