CVE-2025-40738
Published: 08 July 2025
Summary
CVE-2025-40738 is a high-severity Path Traversal (CWE-22) vulnerability in Siemens SINEC NMS. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly requires validation of file paths in uploaded ZIP files to prevent path traversal exploitation.
- Mandates timely flaw remediation through patching to SINEC NMS V4.0 or later, eliminating the vulnerability.
- Implements file integrity monitoring to detect unauthorized file writes to restricted locations from path traversal.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in ZIP extraction enables arbitrary file write leading to web shell deployment and RCE with privilege escalation on a public-facing app.
NVD Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).
Deeper analysis
CVE-2025-40738 is a path traversal vulnerability (CWE-22) affecting SINEC NMS in all versions prior to V4.0. The application does not properly validate file paths when extracting uploaded ZIP files, which can enable attackers to write files outside intended directories. Published on 2025-07-08, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.
An authenticated attacker with low privileges can exploit this vulnerability remotely without user interaction. By crafting a malicious ZIP file with path traversal sequences, they can write arbitrary files to restricted locations on the server, potentially achieving remote code execution with elevated privileges as referenced in ZDI-CAN-26572.
Siemens security advisory SSA-078892 provides details on the vulnerability and mitigation, available at https://cert-portal.siemens.com/productcert/html/ssa-078892.html. Updating to SINEC NMS V4.0 or later addresses the issue in affected versions.
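The kind of entry-path validation the NVD description says is missing, as an added example (not Siemens code and not taken from the advisory). It rejects an uploaded archive before anything is written if any entry would land outside the extraction directory; the function names and the sample entry names are constructed for illustration.

```python
import io
import os
import zipfile


def traversal_entries(zip_bytes, dest_dir):
    """Return (entry name, reason) pairs for entries that would land outside dest_dir."""
    dest = os.path.realpath(dest_dir)
    rejected = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat "\" as a separator too: the archive may be unpacked on Windows.
            parts = info.filename.replace("\\", "/").split("/")
            if parts[0] == "" or parts[0][1:2] == ":":
                rejected.append((info.filename, "absolute path"))
            elif ".." in parts:
                rejected.append((info.filename, "parent-directory component"))
            else:
                # Defence in depth: resolve the final path and confirm containment.
                target = os.path.realpath(os.path.join(dest, *parts))
                if os.path.commonpath([dest, target]) != dest:
                    rejected.append((info.filename, "resolves outside destination"))
    return rejected


def extract_validated(zip_bytes, dest_dir):
    """Extract only if every entry stays inside dest_dir; otherwise reject the upload."""
    bad = traversal_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"rejected archive, unsafe entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)


def build_sample_zip(names):
    """Constructed sample input: an in-memory ZIP holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"constructed sample")
    return buf.getvalue()
```

Python's own `ZipFile.extractall` already strips `..` components and leading slashes from member names; the explicit check is what a hand-written extraction loop needs, and it rejects the whole upload instead of silently rewriting names.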
Details
- CWE(s)