VDB
CVE-2025-40765
CVE-2025-40765
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.
EPSS 0.12% · 31.1th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.12%
31.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | TeleControl Server Basic V3.1 | V3.1.2.2 |
| siemens | telecontrol_server_basic | 3.1.2.2 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40765 (circl-sighting)
- CIRCL seen: CVE-2025-40765 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-062309.html (circl)
Timeline
- Oct 14, 2025 EPSS Score
- Oct 14, 2025 Coalition ESS Score
- Oct 14, 2025 CVE Published
- Oct 14, 2025 PoC Published
- Oct 15, 2025 Coalition ESS Score
- Oct 16, 2025 PoC Published
- Oct 20, 2025 EPSS Score
- Oct 21, 2025 Coalition ESS Score
- Oct 26, 2025 EPSS Score
- Nov 1, 2025 EPSS Score
- Nov 8, 2025 EPSS Score
- Nov 14, 2025 EPSS Score