VDB
CVE-2025-40774
CVE-2025-40774
PUBLISHED
CVSS 4.400000095367432 MEDIUM
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.
EPSS 0.02% · 5.5th percentile
Risk Scores
CVSS v3.1
4.400000095367432
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
5.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SiPass integrated | 0 |
| siemens | sipass_integrated | 0 |
Timeline
- Oct 14, 2025 EPSS Score
- Oct 14, 2025 Coalition ESS Score
- Oct 14, 2025 CVE Published
- Oct 14, 2025 PoC Published
- Oct 15, 2025 Coalition ESS Score
- Oct 16, 2025 Coalition ESS Score
- Oct 16, 2025 PoC Published
- Oct 16, 2025 CVE Updated
- Oct 20, 2025 EPSS Score
- Oct 20, 2025 Coalition ESS Score
- Oct 26, 2025 EPSS Score
- Nov 1, 2025 EPSS Score