CVE-2025-40758 HIGH

Vendor Siemens
Product Mendix SAML (Mendix 10.12 compatible), Mendix SAML (Mendix 10.21 compatible), Mendix SAML (Mendix 9.24 compatible)
Weakness CWE-347 (Improper Verification of Cryptographic Signature)
Published August 14, 2025
Last update August 14, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality High
Integrity High
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.
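The advisory names the weakness class (signature validation and binding checks on a SAML module) but not the exact defect, so the following is an added illustration of that class in general, not Mendix or Siemens code and not a description of the Mendix bug. It puts a lax SP-side consumer, which trusts whatever NameID the first Assertion carries, beside a strict one that enforces the checks an SP must not skip: the assertion actually consumed carries a signature that references its own ID and verifies over its content, the Response is addressed to this SP's ACS URL, it answers an AuthnRequest this SP issued and is accepted only once, the Audience and Recipient name this SP, and the validity window is honoured. The cryptography is a labelled stand-in so the block runs on the standard library alone: XMLDSig and C14N are replaced by HMAC-SHA256 over ElementTree's serialisation of the signed element under a shared key. Entity IDs, URLs, request IDs, the signing key and the Responses themselves are constructed for the demo.

```python
# Added example (not Mendix/Siemens code). Stand-ins, labelled: HMAC-SHA256 over
# ElementTree's serialisation of the signed element replaces XMLDSig + C14N; all
# IDs, URLs, keys and the Responses themselves are constructed for the demo.
import copy
import datetime as dt
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SIG = "{urn:example:stand-in}Signature"      # hypothetical stand-in for ds:Signature
IDP_KEY = b"constructed-idp-signing-key"     # stand-in for the IdP's signing key pair
IDP_ID = "https://idp.example.test/metadata"
SP_ID = "https://app.example.test/sp"
ACS_URL = "https://app.example.test/SSO/assertion"
TS = "%Y-%m-%dT%H:%M:%SZ"

def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)

def _canon(elem):                 # stand-in for C14N: serialise without the Signature child
    e = copy.deepcopy(elem)
    for s in e.findall(SIG):
        e.remove(s)
    return ET.tostring(e)

def sign_element(elem, key):      # IdP side: the Reference is the element's own ID
    mac = hmac.new(key, _canon(elem), hashlib.sha256).hexdigest()
    ET.SubElement(elem, SIG, {"Reference": elem.get("ID")}).text = mac

def signature_valid(elem, key):   # absent, moved to another element, or tampered all fail
    sig = elem.find(SIG)
    if sig is None or sig.get("Reference") != elem.get("ID"):
        return False
    mac = hmac.new(key, _canon(elem), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, sig.text or "")

def build_signed_response(name_id, in_response_to, issued_at, audience=SP_ID):
    """Constructed IdP: a Response carrying one Assertion signed with IDP_KEY."""
    expiry = (issued_at + dt.timedelta(minutes=5)).strftime(TS)
    resp = ET.Element(q("samlp", "Response"), {"ID": "_resp1", "Destination": ACS_URL,
                                               "InResponseTo": in_response_to})
    ET.SubElement(resp, q("saml", "Issuer")).text = IDP_ID
    a = ET.SubElement(resp, q("saml", "Assertion"), {"ID": "_assert1"})
    ET.SubElement(a, q("saml", "Issuer")).text = IDP_ID
    subj = ET.SubElement(a, q("saml", "Subject"))
    ET.SubElement(subj, q("saml", "NameID")).text = name_id
    sc = ET.SubElement(subj, q("saml", "SubjectConfirmation"))
    ET.SubElement(sc, q("saml", "SubjectConfirmationData"),
                  {"Recipient": ACS_URL, "InResponseTo": in_response_to, "NotOnOrAfter": expiry})
    cond = ET.SubElement(a, q("saml", "Conditions"),
                         {"NotBefore": issued_at.strftime(TS), "NotOnOrAfter": expiry})
    ET.SubElement(ET.SubElement(cond, q("saml", "AudienceRestriction")),
                  q("saml", "Audience")).text = audience
    sign_element(a, IDP_KEY)
    return ET.tostring(resp)

def lax_consume(xml_bytes):       # the broken pattern: trust the first Assertion's NameID
    return ET.fromstring(xml_bytes).findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)

def strict_consume(xml_bytes, *, outstanding, now, idp_key=IDP_KEY):
    """SP side; `outstanding` holds AuthnRequest IDs this SP issued and has not seen answered."""
    root = ET.fromstring(xml_bytes)
    if root.get("Destination") != ACS_URL:            # addressed to this ACS, not another SP's
        raise ValueError("Destination mismatch")
    irt = root.get("InResponseTo")
    if irt not in outstanding:                        # answers a request we made, exactly once
        raise ValueError("InResponseTo unknown (unsolicited or replayed)")
    a = root.find("saml:Assertion", NS)
    if a is None or len(root.findall("saml:Assertion", NS)) != 1:
        raise ValueError("expected exactly one Assertion")
    if not signature_valid(a, idp_key):               # the assertion actually consumed is signed
        raise ValueError("Assertion signature missing or invalid")
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ID:
        raise ValueError("unexpected Issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (dt.datetime.strptime(cond.get("NotBefore", ""), TS) <= now
                            < dt.datetime.strptime(cond.get("NotOnOrAfter", ""), TS)):
        raise ValueError("outside validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ID:
        raise ValueError("Audience is not this SP")   # validly signed, but minted for another SP
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != irt:
        raise ValueError("SubjectConfirmationData Recipient/InResponseTo mismatch")
    outstanding.discard(irt)                          # one Response per request: blocks replay
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

def demo():                       # genuine, tampered, foreign-audience and replayed Responses
    now = dt.datetime(2025, 8, 14, 12, 0, 0)          # constructed clock, naive UTC
    outstanding = {"_req42", "_req43"}
    genuine = build_signed_response("alice", "_req42", now)
    tampered = genuine.replace(b">alice<", b">admin<")   # edit inside the signed Assertion
    foreign = build_signed_response("alice", "_req43", now, audience="https://other.example.test/sp")
    def strict(xml):
        try:
            return "accepted:" + strict_consume(xml, outstanding=outstanding, now=now)
        except ValueError as e:
            return "rejected:" + str(e)
    return {"lax_tampered": lax_consume(tampered), "strict_tampered": strict(tampered),
            "strict_foreign": strict(foreign), "strict_genuine": strict(genuine),
            "strict_replay": strict(genuine)}
```

Running `demo()` shows the two failure modes the advisory's wording points at: the lax consumer logs in as `admin` from an assertion the IdP never signed for that name, while the strict one rejects it on the signature check; the foreign-audience case is the binding failure, an assertion the IdP genuinely signed but for a different SP, which only the Audience and Recipient checks catch; and the second presentation of the genuine Response is refused because its InResponseTo has already been consumed. In a real deployment the HMAC stand-in is replaced by XMLDSig verification against the IdP's certificate from metadata, and the Reference check becomes "the signed element is the one being consumed", which is the defence against signature wrapping.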

Key dates

02 Disclosure timeline

August 14, 2025 CVE published
August 14, 2025 Record updated