CVE-2026-25605
Published: 10 March 2026
Summary
CVE-2026-25605 is a medium-severity External Control of File Name or Path (CWE-73) vulnerability in Siemens SICAM SIAPP SDK. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Rejects externally supplied file or resource identifiers that fail validity checks.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability provides a local arbitrary file/socket deletion capability (CWE-73) that directly enables data destruction (T1485), service disruption via targeted deletion (T1489), and indicator removal via file deletion (T1070.004).
NVD Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.
Deeper analysis (AI)
CVE-2026-25605 is a vulnerability in the SICAM SIAPP SDK, affecting all versions prior to V2.1.7. The issue stems from the application performing file deletion operations without properly validating the file path or target, which allows improper removal of files or sockets that the affected process has permission to delete. This flaw is classified under CWE-73 (External Control of File Name or Path) and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating medium severity with high impacts on integrity and availability but no confidentiality impact.
Exploitation requires local access to the system (AV:L) with no privileges (PR:N), though it demands high attack complexity (AC:H) and no user interaction (UI:N). A successful attacker could delete arbitrary files or sockets accessible to the SICAM SIAPP SDK process, potentially causing denial of service or broader service disruption on the host system.
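For the weakness class described above (deletion without validating the path or target), the following added example shows one defensive pattern: confine deletion to a pinned directory and check the entry type before unlinking. It is not Siemens code and does not reflect the SDK's implementation; `safe_delete`, `UnsafeDeleteError` and the directory layout are hypothetical, and a POSIX host is assumed.

```python
import os
import stat


class UnsafeDeleteError(Exception):
    """A deletion request was rejected by validation (hypothetical name)."""


def safe_delete(base_dir, name, allowed=("file", "socket")):
    """Delete `name` only if it is a direct entry of `base_dir` of an allowed type."""
    # 1. Accept a single path component only: no separators, no "." or "..".
    if not name or name in (".", "..") or "/" in name or "\x00" in name:
        raise UnsafeDeleteError(f"rejected name: {name!r}")

    # 2. Pin the directory with a descriptor; O_NOFOLLOW refuses a symlinked base.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # 3. Inspect the entry itself (not a symlink target), relative to dir_fd.
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        except FileNotFoundError:
            raise UnsafeDeleteError(f"no such entry: {name!r}") from None

        if stat.S_ISREG(st.st_mode):
            kind = "file"
        elif stat.S_ISSOCK(st.st_mode):
            kind = "socket"
        else:
            kind = "other"  # symlink, directory, device, FIFO
        if kind not in allowed:
            raise UnsafeDeleteError(f"{name!r} is a disallowed type ({kind})")

        # 4. Unlink relative to the pinned directory; the name cannot escape it.
        os.unlink(name, dir_fd=dir_fd)
        return kind
    finally:
        os.close(dir_fd)
```

Running the service under an account that can only remove entries in its own runtime directory limits the impact further if a check like this is ever bypassed.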
Siemens has published security advisory SSA-903736, available at https://cert-portal.siemens.com/productcert/html/ssa-903736.html, which provides details on mitigation strategies and patches for this vulnerability.