CVE-2025-25267 MEDIUM

CVE-2025-25267

Vendor Siemens
Product Tecnomatix Plant Simulation V2302
Weakness CWE-552 · Files accessible externally
Published March 11, 2025
Last update March 11, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated