Cyber Resilience

CVE-2025-40736

Critical

Published: 08 July 2025

Modified: 21 August 2025
CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0048 (65.5th percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-40736 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Siemens SINEC NMS. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 34.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-40736 is a critical vulnerability in SINEC NMS, affecting all versions prior to V4.0. The affected application exposes an endpoint that enables unauthorized modification of administrative credentials, classified as CWE-306 (Missing Authentication for Critical Function). Published on 2025-07-08, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete compromise.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction. By leveraging the exposed endpoint, the attacker can reset the superadmin password, gaining full control of the SINEC NMS application and potentially compromising confidentiality, integrity, and availability of the system (ZDI-CAN-26569).

Siemens has published security advisory SSA-078892 at https://cert-portal.siemens.com/productcert/html/ssa-078892.html, which details the vulnerability and mitigation steps for affected systems.

Vulnerability details

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1098 Account Manipulation (Persistence): Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

Why these techniques?

Missing authentication on a public endpoint directly enables exploitation of a public-facing application (T1190) to perform unauthorized account credential changes (T1098).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-40735 (Same product: Siemens SINEC NMS)
CVE-2025-40738 (Same product: Siemens SINEC NMS)
CVE-2025-40737 (Same product: Siemens SINEC NMS)
CVE-2026-25655 (Same product: Siemens SINEC NMS)
CVE-2025-40765 (Same vendor: Siemens)
CVE-2026-25656 (Same product: Siemens SINEC NMS)
CVE-2025-26359 (Shared CWE-306)
CVE-2026-1670 (Shared CWE-306)
CVE-2017-20220 (Shared CWE-306)
CVE-2025-40795 (Same vendor: Siemens)

Affected Assets

Vendor: siemens
Product: sinec nms
Versions: ≤ 4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: AC-14 explicitly identifies and authorizes only essential actions without identification or authentication, directly preventing exposure of critical functions like unauthorized administrative credential modification.

Prevent: AC-3 enforces approved authorizations for access to system resources, blocking unauthenticated attackers from exploiting the exposed endpoint to reset superadmin passwords.

Prevent: IA-5 requires protection of authenticators from unauthorized modification, mitigating the vulnerability that allows unauthenticated reset of administrative credentials.
