VDB

CVE-2025-40773

CVE-2025-40773 PUBLISHED CVSS 3.5 LOW

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.

EPSS 0.04% · 12.6th percentile

Risk Scores

CVSS 3.1
3.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.04%
12.6th percentile

Affected Products

VendorProductVersions
siemenssipass_integrated0
SiemensSiPass integrated0

Timeline

  • Oct 14, 2025 EPSS Score
  • Oct 14, 2025 Coalition ESS Score
  • Oct 14, 2025 CVE Published
  • Oct 14, 2025 PoC Published
  • Oct 15, 2025 Coalition ESS Score
  • Oct 16, 2025 Coalition ESS Score
  • Oct 16, 2025 PoC Published
  • Oct 16, 2025 CVE Updated
  • Oct 20, 2025 EPSS Score
  • Oct 20, 2025 Coalition ESS Score
  • Oct 26, 2025 EPSS Score
  • Nov 1, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›