CVE-2025-27395

High

Published: 11 March 2025

Published

11 March 2025

Modified

22 August 2025

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0038 59.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27395 is a high-severity Path Traversal (CWE-22) vulnerability in Siemens Scalance Lpe9403 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 40.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations limiting SFTP file access scope and privileges, directly preventing arbitrary read/write by authenticated high-privilege attackers.

AC-6 Least Privilege good match

prevent

Applies least privilege to restrict even high-privilege accounts from accessing arbitrary files via SFTP functionality.

SI-10 Information Input Validation good match

prevent

Validates SFTP path inputs to reject traversal sequences, blocking the CWE-22 vulnerability enabling unauthorized file access.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1105 Ingress Tool Transfer Command And Control

Adversaries may transfer tools or other files from an external system into a compromised environment.

attack.mitre.org →

T1565.001 Stored Data Manipulation Impact

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

Why these techniques?

Path traversal in SFTP directly enables arbitrary local file reads (T1005) and writes, facilitating tool ingress (T1105) and stored data manipulation (T1565.001) on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker…

to read and write arbitrary files.

Deeper analysisAI

CVE-2025-27395 is a path traversal vulnerability (CWE-22) affecting Siemens SCALANCE LPE9403 devices (order number 6GK5998-3GS00-2AC2) in all versions prior to V4.0. The flaw arises because these devices fail to properly restrict the scope of files accessible via the SFTP functionality and do not enforce appropriate privilege limitations. This issue has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on March 11, 2025.

An authenticated attacker with high privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables the attacker to read and write arbitrary files on the affected device, potentially leading to full compromise including high impacts on confidentiality, integrity, and availability.

The Siemens product CERT advisory (SSA-075201) at https://cert-portal.siemens.com/productcert/html/ssa-075201.html provides details on mitigation, which includes updating to version V4.0 or later where available. Security practitioners should consult the advisory for full patch instructions and any workarounds for systems unable to update immediately.