CVE-2026-25605
Published: 10 March 2026
Summary
CVE-2026-25605 is a medium-severity External Control of File Name or Path (CWE-73) vulnerability in Siemens SICAM SIAPP SDK. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 5.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-25605 is a vulnerability in the SICAM SIAPP SDK, affecting all versions prior to V2.1.7. The issue stems from the application performing file deletion operations without properly validating the file path or target, which allows improper removal of files or sockets that the affected process has permission to delete. This flaw is classified under CWE-73 (External Control of File Name or Path) and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating medium severity with high impacts on integrity and availability but no confidentiality impact.
Exploitation requires local access to the system (AV:L) with no privileges (PR:N), though it demands high attack complexity (AC:H) and no user interaction (UI:N). A successful attacker could delete arbitrary files or sockets accessible to the SICAM SIAPP SDK process, potentially causing denial of service or broader service disruption on the host system.
Siemens has published security advisory SSA-903736, available at https://cert-portal.siemens.com/productcert/html/ssa-903736.html, which provides details on mitigation strategies and patches for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10529
Vulnerability details
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability provides local arbitrary file/socket deletion capability (CWE-73) that directly enables data destruction (T1485), service disruption via targeted deletion (T1489), and indicator removal via file deletion (T1070.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of file path/name inputs before performing deletion operations, blocking the external control of file names that enables this CVE.
Limits the files/sockets the SICAM SIAPP SDK process is permitted to delete, reducing the impact of any unvalidated path supplied to the deletion routine.
Enforces access-control checks on file operations so that only explicitly authorized paths may be deleted by the affected process.
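The path validation and restriction of deletable targets described above, shown as an added example; this is not code from the SICAM SIAPP SDK or from Siemens. It assumes a POSIX system, and the names safe_delete, UnsafePath, spool, job1.tmp and keep.conf are hypothetical, with all sample files constructed inside a temporary directory.

```python
import os
import stat
import tempfile

class UnsafePath(Exception):
    """Deletion target failed validation."""

def safe_delete(base_dir: str, name: str) -> None:
    """Delete `name` only if it is a regular file directly inside base_dir."""
    # SI-10: accept a single path component only (no separators, no dot entries).
    if name in ("", ".", "..") or "/" in name or "\x00" in name:
        raise UnsafePath(f"not a plain file name: {name!r}")
    # Pin the trusted directory; the check and the unlink both resolve `name`
    # relative to this descriptor, never through a caller-supplied path.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        # Refuse symlinks, sockets, FIFOs, devices and directories.
        if not stat.S_ISREG(st.st_mode):
            raise UnsafePath(f"not a regular file: {name!r}")
        os.unlink(name, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)

def demo() -> dict:
    """Run safe_delete over constructed inputs; return case -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        spool = os.path.join(root, "spool")  # hypothetical working directory
        os.mkdir(spool)
        outside = os.path.join(root, "keep.conf")  # must never be deleted
        for path in (outside, os.path.join(spool, "job1.tmp")):
            open(path, "w").close()
        os.symlink(outside, os.path.join(spool, "link"))
        cases = {"plain": "job1.tmp", "traversal": "../keep.conf",
                 "absolute": outside, "symlink": "link"}
        for label, name in cases.items():
            try:
                safe_delete(spool, name)
                results[label] = "deleted"
            except UnsafePath:
                results[label] = "rejected"
        results["outside_survives"] = os.path.exists(outside)
    return results

if __name__ == "__main__":
    print(demo())
```

A race between the type check and the unlink can still swap the entry, but only for another entry inside the pinned directory; running the process with delete permission on that directory alone bounds the remaining impact.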