CVE-2025-40738 in SINEC NMSinfo

Zusammenfassung

von MITRE • 08.07.2025

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

Siemens

Reservieren

16.04.2025

Veröffentlichung

08.07.2025

Moderieren

akzeptiert

Eintrag

VDB-315329

CPE

bereit

EPSS

0.07166

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!