CVE-2025-40751 MEDIUM

Vendor Siemens
Product SIMATIC RTLS Locating Manager
Weakness CWE-522 · Insufficiently protected credentials
Published August 12, 2025
Last update August 13, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.

Key dates

02 Disclosure timeline

August 12, 2025 CVE published
August 13, 2025 Record updated