CVE-2025-40765 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40765 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

EPSS 0.13% · 32.3th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.13%

32.3th percentile

Affected Products

Vendor	Product	Versions
Siemens	TeleControl Server Basic V3.1	V3.1.2.2
siemens	telecontrol_server_basic	3.1.2.2

Timeline

Oct 14, 2025 EPSS Score
Oct 14, 2025 Coalition ESS Score
Oct 14, 2025 CVE Published
Oct 14, 2025 PoC Published
Oct 15, 2025 Coalition ESS Score
Oct 16, 2025 PoC Published
Oct 20, 2025 EPSS Score
Oct 21, 2025 Coalition ESS Score
Oct 21, 2025 CVE Updated
Oct 25, 2025 EPSS Score
Oct 31, 2025 EPSS Score
Nov 5, 2025 EPSS Score

References

Open in Interactive Console →