CVE-2026-25655
Published: 10 February 2026
Summary
CVE-2026-25655 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Siemens SINEC NMS. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 1.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- Enforces least privilege to prevent low-privileged users from modifying critical configuration files that enable malicious DLL loading and administrative privilege escalation.
- Restricts access to configuration change processes and files to authorized personnel, directly blocking low-privileged users from improperly modifying the vulnerable configuration file.
- Enforces approved access control policies to deny low-privileged users write access to the configuration file exploited for DLL hijacking.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability permits a low-privileged local user to modify a configuration file (CWE-427) so that a higher-privileged process loads attacker-controlled DLLs, directly enabling DLL side-loading for local privilege escalation to arbitrary code execution as administrator.
NVD Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege. (ZDI-CAN-28107)
Deeper analysis [AI]
CVE-2026-25655, published on 2026-02-10, affects SINEC NMS in all versions prior to V4.0 SP2. The vulnerability stems from the application permitting improper modification of a configuration file by a low-privileged user (CWE-427). This flaw enables the loading of malicious DLLs, potentially resulting in arbitrary code execution with administrative privileges. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A low-privileged local user can exploit this vulnerability by modifying the configuration file to reference a malicious DLL. When the application loads that DLL, the attacker's code runs with administrative privileges, with high impact on confidentiality, integrity, and availability.
Mitigation details are available in the Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-311973.html. Systems should be updated to SINEC NMS V4.0 SP2 or later to address the issue.
Details
- CWE(s)