CVE-2025-40818 LOW

CVE-2025-40818

Vendor Siemens
Product SINEMA Remote Connect Server
Weakness CWE-732
Published December 9, 2025
Last update December 9, 2025

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
December 9, 2025 Record updated