VDB
CVE-2025-40744
CVE-2025-40744
PUBLISHED
CVSS 7.5 HIGH
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
EPSS 0.03% · 7.4th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.03%
7.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Solid Edge SE2025 | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40744 (circl-sighting)
- CIRCL seen: CVE-2025-40744 (circl-sighting)
- CIRCL seen: CVE-2025-40744 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-522291.html (circl)
Timeline
- Nov 11, 2025 CVE Published
- Nov 11, 2025 PoC Published
- Nov 12, 2025 EPSS Score
- Nov 12, 2025 PoC Published
- Nov 13, 2025 PoC Published
- Nov 17, 2025 EPSS Score
- Nov 22, 2025 EPSS Score
- Nov 27, 2025 EPSS Score
- Dec 3, 2025 EPSS Score
- Dec 8, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 18, 2025 EPSS Score