CVE-2025-40735
Published: 08 July 2025
Summary
CVE-2025-40735 is a high-severity SQL Injection (CWE-89) vulnerability in Siemens SINEC NMS. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 49.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prevents SQL injection vulnerabilities like CVE-2025-40735 by validating and sanitizing all user inputs before database processing.
- Requires timely patching and remediation of the specific SQL injection flaw in SINEC NMS versions prior to V4.0 as per vendor advisory.
- Mandates vulnerability scanning to identify and remediate SQL injection issues like CVE-2025-40735 before exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct SQL injection in a network-accessible management application enables remote exploitation of a public-facing service (T1190).
NVD Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
Deeper analysis
CVE-2025-40735 is a SQL injection vulnerability affecting SINEC NMS in all versions prior to V4.0. The flaw allows execution of arbitrary SQL queries on the server database, as identified under CWE-89. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and potential for high impacts on confidentiality, integrity, and availability. The vulnerability was published on 2025-07-08.
An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary SQL queries against the affected devices. While the CVSS vector specifies low privileges required (PR:L), the description emphasizes unauthenticated remote access, enabling attackers with network reach to the SINEC NMS instance to manipulate the database, potentially extracting sensitive data, modifying records, or disrupting services.
For mitigation guidance, refer to the Siemens product CERT advisory at https://cert-portal.siemens.com/productcert/html/ssa-078892.html, which provides details on patches and remediation steps.
Details
- CWE(s)