CVE-2025-25266 MEDIUM

CVE-2025-25266

Vendor Siemens
Product Tecnomatix Plant Simulation V2302
Weakness CWE-552 · Files accessible externally
Published March 11, 2025
Last update March 11, 2025

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated