CVE-2025-40773 LOW

Vendor Siemens
Product SiPass integrated
Weakness CWE-639 · IDOR
Published October 14, 2025
Last update October 14, 2025

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.

Key dates

02 Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated
