CVE-2025-40830 MEDIUM

CVE-2025-40830

Vendor Siemens

Product SINEC Security Monitor

Weakness CWE-285

Published December 9, 2025

Last update December 9, 2025

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on server or sensor.

Key dates

02Disclosure timeline

December 9, 2025 CVE published

December 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40830

Related vulnerabilities

04Related CVE

CVE-2022-33713 CVE-2025-10675 fuyang_lipengjun platform queryAll AttributeController improper authorization CVE-2025-2320 274056675 springboot-openai-chatgpt User submit improper authorization CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline CVE-2026-3669 Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization