CVE-2026-25570
Published: 10 March 2026
Summary
CVE-2026-25570 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Siemens Sicam Siapp Sdk. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack overflow enables local arbitrary code execution (PR:N, UI:N) which directly maps to exploitation primitives for privilege escalation via vulnerable process context (T1068) and client application code execution (T1203).
NVD Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial…
more
of service.
Deeper analysisAI
CVE-2026-25570, published on 2026-03-10, is a stack overflow vulnerability (CWE-121) in the SICAM SIAPP SDK, affecting all versions prior to V2.1.7. The SDK does not perform checks on input values, which can lead to a stack overflow condition.
The vulnerability has a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). An attacker with local access can exploit it with high attack complexity and no privileges or user interaction required. Successful exploitation enables arbitrary code execution and denial of service, with high impacts on confidentiality, integrity, and availability.
Mitigation details are available in the Siemens product CERT advisory at https://cert-portal.siemens.com/productcert/html/ssa-903736.html.
Details
- CWE(s)