CVE-2025-40755 HIGH

CVE-2025-40755

Vendor Siemens

Product SINEC NMS

Weakness CWE-89 · SQLi

Published October 14, 2025

Last update November 25, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)

Key dates

02Disclosure timeline

October 14, 2025 CVE published

November 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40755 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection CVE-2024-8081 itsourcecode Payroll Management System login.php sql injection CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information CVE-2024-43941 WordPress Propovoice Pro plugin <= 1.7.0.3 - Unauthenticated SQL Injection vulnerability