Cyber Resilience

CVE-2026-25605

Medium

Published: 10 March 2026

Modified: 12 March 2026
CVSS Score v4: 5.9 (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0002 (5.9th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25605 is a medium-severity External Control of File Name or Path (CWE-73) vulnerability in the Siemens SICAM SIAPP SDK. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 5.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-25605 is a vulnerability in the SICAM SIAPP SDK, affecting all versions prior to V2.1.7. The issue stems from the application performing file deletion operations without properly validating the file path or target, which allows improper removal of files or sockets that the affected process has permission to delete. This flaw is classified under CWE-73 (External Control of File Name or Path) and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating medium severity with high impacts on integrity and availability but no confidentiality impact.

Exploitation requires local access to the system (AV:L) with no privileges (PR:N), though it demands high attack complexity (AC:H) and no user interaction (UI:N). A successful attacker could delete arbitrary files or sockets accessible to the SICAM SIAPP SDK process, potentially causing denial of service or broader service disruption on the host system.

Siemens has published security advisory SSA-903736, available at https://cert-portal.siemens.com/productcert/html/ssa-903736.html, which provides details on mitigation strategies and patches for this vulnerability.

EU & UK References

Vulnerability details

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
T1489 Service Stop Impact
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users.
Why these techniques?

The vulnerability provides a local arbitrary file/socket deletion capability (CWE-73) that directly enables data destruction (T1485), service disruption via targeted deletion (T1489), and indicator removal via file deletion (T1070.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25573 · Same product: Siemens Sicam Siapp Sdk
CVE-2026-25569 · Same product: Siemens Sicam Siapp Sdk
CVE-2026-25570 · Same product: Siemens Sicam Siapp Sdk
CVE-2020-37080 · Shared CWE-73
CVE-2026-23898 · Shared CWE-73
CVE-2025-0105 · Shared CWE-73
CVE-2025-23397 · Same vendor: Siemens
CVE-2024-31854 · Same vendor: Siemens
CVE-2025-40942 · Same vendor: Siemens
CVE-2025-40765 · Same vendor: Siemens

Affected Assets

siemens
sicam siapp sdk
≤ 2.17

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of file path/name inputs before performing deletion operations, blocking the external control of file names that enables this CVE.

prevent

Limits the files/sockets the SICAM SIAPP SDK process is permitted to delete, reducing the impact of any unvalidated path supplied to the deletion routine.

prevent

Enforces access-control checks on file operations so that only explicitly authorized paths may be deleted by the affected process.
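
The input-validation and access-enforcement controls above, sketched as a deletion routine for a POSIX system. This is an added example, not code from the SICAM SIAPP SDK or from Siemens; the function names `safe_delete_in_dir` and `safe_delete`, and the idea that everything the application may delete lives in one dedicated directory, are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not SDK code): remove `name` only if it is a direct
 * entry of the already-open directory `dirfd` and is a regular file or a
 * socket owned by the calling process. Returns 0, or -1 with errno set. */
int safe_delete_in_dir(int dirfd, const char *name)
{
    struct stat st;

    /* Input validation: a bare entry name only, so no "/" and no "." or "..". */
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Inspect the entry itself; never follow a symlink planted in the directory. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    /* Access enforcement: expected object types only, and only our own objects. */
    if (!(S_ISREG(st.st_mode) || S_ISSOCK(st.st_mode)) || st.st_uid != geteuid()) {
        errno = EPERM;
        return -1;
    }
    /* unlinkat() resolves `name` relative to dirfd and removes the entry, not a
     * link target, so a swap between the check and this call stays in dirfd. */
    return unlinkat(dirfd, name, 0);
}

/* Hypothetical wrapper: `base_dir` is the one directory (an assumption) in
 * which the application is allowed to delete anything. */
int safe_delete(const char *base_dir, const char *name)
{
    int saved, rc;
    int dirfd = open(base_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);

    if (dirfd < 0)
        return -1;
    rc = safe_delete_in_dir(dirfd, name);
    saved = errno;          /* close() may overwrite errno */
    close(dirfd);
    errno = saved;
    return rc;
}
```

Running the process under an account that has write permission only on that one directory limits what any remaining path-handling mistake can remove.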

References