CVE-2025-40738
Published: 08 July 2025
Summary
CVE-2025-40738 is a high-severity Path Traversal (CWE-22) vulnerability in Siemens SINEC NMS. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-40738 affects Siemens SINEC NMS versions prior to V4.0. The flaw is a path traversal issue (CWE-22) in which the application fails to validate file paths during extraction of user-uploaded ZIP archives, allowing writes to arbitrary locations on the underlying file system.
An authenticated attacker with network access can supply a malicious ZIP that overwrites files outside the intended extraction directory. Successful exploitation can lead to arbitrary code execution with elevated privileges on the NMS server.
The Siemens advisory SSA-078892 recommends upgrading to SINEC NMS V4.0 or later, which contains the fix for the improper path validation during ZIP extraction.
EPSS remains low at 0.0172 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20431
Vulnerability details
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in ZIP extraction enables arbitrary file write leading to web shell deployment and RCE with privilege escalation on a public-facing app.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of file paths in uploaded ZIP files to prevent path traversal exploitation.
Mandates timely flaw remediation through patching to SINEC NMS V4.0 or later, eliminating the vulnerability.
Implements file integrity monitoring to detect unauthorized file writes to restricted locations from path traversal.