Cyber Posture

CVE-2025-40765

Critical

Published: 14 October 2025
Modified: 21 October 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-40765 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Siemens Telecontrol Server Basic. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 31.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly mitigates the CVE by requiring timely identification, reporting, and correction of the information disclosure flaw through vendor patches.

prevent, detect: Monitors and controls communications at external boundaries to block or detect unauthenticated remote exploitation of the vulnerability.

detect: Specifically monitors for information disclosure events, enabling identification of unauthorized access to password hashes.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1212 Exploitation for Credential Access (Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Unauthenticated remote exploitation of a public-facing application discloses password hashes, enabling initial access (T1190) and credential access via exploitation (T1212).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

Deeper analysis [AI]

CVE-2025-40765 is an information disclosure vulnerability (CWE-306) in TeleControl Server Basic V3.1, affecting all versions greater than or equal to V3.1.2.2 and less than V3.1.2.3. The flaw resides in the affected application and enables the exposure of sensitive user password hashes.

An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation allows the attacker to obtain the password hashes, subsequently log in to the database service, and perform authenticated operations.

Siemens has published Security Advisory SSA-062309 addressing this issue, available at https://cert-portal.siemens.com/productcert/html/ssa-062309.html.

Details

CWE(s)

Affected Products

siemens · telecontrol server basic · 3.1.2.2

CVEs Like This One

CVE-2025-40942 (Same product: Siemens Telecontrol Server Basic)
CVE-2025-40736 (Same vendor: Siemens)
CVE-2025-40735 (Same vendor: Siemens)
CVE-2024-50630 (Shared CWE-306)
CVE-2025-40795 (Same vendor: Siemens)
CVE-2025-27392 (Same vendor: Siemens)
CVE-2025-27393 (Same vendor: Siemens)
CVE-2025-23363 (Same vendor: Siemens)
CVE-2025-27494 (Same vendor: Siemens)
CVE-2025-40737 (Same vendor: Siemens)
