Cyber Resilience

CVE-2026-25655

High

Published: 10 February 2026

Modified: 12 February 2026
CVSS v4 Score: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0024 (14.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-25655 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Siemens SINEC NMS. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 14.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-25655, published on 2026-02-10, affects SINEC NMS in all versions prior to V4.0 SP2. The vulnerability stems from the application permitting improper modification of a configuration file by a low-privileged user (CWE-427). This flaw enables the loading of malicious DLLs, potentially resulting in arbitrary code execution with administrative privileges. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A low-privileged local user can exploit this vulnerability by modifying the configuration file to reference a malicious DLL. Upon loading, this achieves arbitrary code execution under administrative privileges, compromising confidentiality, integrity, and availability with high impact.

Mitigation details are available in the Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-311973.html. Systems should be updated to SINEC NMS V4.0 SP2 or later to address the issue.

Vulnerability details

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege. (ZDI-CAN-28107)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 · Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1574.001 · DLL · Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

Why these techniques?

The vulnerability permits low-privileged local modification of a configuration file (CWE-427), which forces a higher-privileged process to load attacker-controlled DLLs. This directly enables DLL side-loading for local privilege escalation to arbitrary code execution as administrator.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25656 · Same product: Siemens SINEC NMS
CVE-2025-40737 · Same product: Siemens SINEC NMS
CVE-2025-40738 · Same product: Siemens SINEC NMS
CVE-2025-40735 · Same product: Siemens SINEC NMS
CVE-2025-40736 · Same product: Siemens SINEC NMS
CVE-2024-53977 · Same vendor: Siemens
CVE-2026-7279 · Shared CWE-427
CVE-2024-9495 · Shared CWE-427
CVE-2026-24502 · Shared CWE-427
CVE-2025-69784 · Shared CWE-427

Affected Assets

siemens
sinec nms
4.0 · ≤ 4.0

Mitigating Controls (NIST 800-53 r5, AI)

prevent

Enforces least privilege to prevent low-privileged users from modifying critical configuration files that enable malicious DLL loading and administrative privilege escalation.

prevent

Restricts access to configuration change processes and files to authorized personnel, directly blocking low-privileged users from improperly modifying the vulnerable configuration file.

prevent

Enforces approved access control policies to deny low-privileged users write access to the configuration file exploited for DLL hijacking.
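
One way to verify the access-control mitigations above on a host, as an added example that is not from this page or from Siemens: the Python below parses saved output of the Windows `icacls <file>` command and reports allow entries that give low-privileged principals write access. The file path is a placeholder (the page does not name the configuration file), the sample output is constructed, and the principal names assume an English-language Windows installation.

```python
import re

# Principals treated as low-privileged (assumption: English-language Windows names).
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls rights that allow changing a file's content, or its ACL or owner.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([A-Za-z,]+\))+)$")

def risky_aces(icacls_output, path):
    """Return (principal, rights) pairs giving low-privileged users write access."""
    findings = []
    for raw in icacls_output.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first line is "<path> <first ACE>"
        m = ACE_RE.match(line)
        if not m:
            continue                          # blank lines and the summary line
        groups = re.findall(r"\(([^)]+)\)", m.group("groups"))
        if "DENY" in groups or "IO" in groups:
            continue                          # deny ACE, or inherit-only (not applied here)
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS:
                rights.update(g.split(","))
        hit = rights & WRITE_RIGHTS
        if m.group("who").lower() in LOW_PRIV and hit:
            findings.append((m.group("who"), sorted(hit)))
    return findings

# Placeholder path and constructed icacls output, not taken from the advisory.
SAMPLE_PATH = r"C:\ProgramData\ExampleApp\service.conf"
SAMPLE = r"""C:\ProgramData\ExampleApp\service.conf NT AUTHORITY\SYSTEM:(I)(F)
                                       BUILTIN\Administrators:(I)(F)
                                       BUILTIN\Users:(I)(RX,WD,AD)
                                       NT AUTHORITY\Authenticated Users:(I)(M)
                                       Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, SAMPLE_PATH):
        print(f"{who} can modify {SAMPLE_PATH}: {', '.join(rights)}")
```

The same check applies to the file's parent directory, since a user who can create or replace files there can swap the file even when its own ACL is tight.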
