VDB
CVE-2025-40773
CVE-2025-40773
PUBLISHED
CVSS 3.5 LOW
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
EPSS 0.04% · 12.6th percentile
Risk Scores
CVSS 3.1
3.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.04%
12.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | sipass_integrated | 0 |
| Siemens | SiPass integrated | 0 |
Timeline
- Oct 14, 2025 EPSS Score
- Oct 14, 2025 Coalition ESS Score
- Oct 14, 2025 CVE Published
- Oct 14, 2025 PoC Published
- Oct 15, 2025 Coalition ESS Score
- Oct 16, 2025 Coalition ESS Score
- Oct 16, 2025 PoC Published
- Oct 16, 2025 CVE Updated
- Oct 20, 2025 EPSS Score
- Oct 20, 2025 Coalition ESS Score
- Oct 26, 2025 EPSS Score
- Nov 1, 2025 EPSS Score