CVE-2025-40800 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40800 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

EPSS 0.02% · 5.8th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.02%

5.8th percentile

Affected Products

Vendor	Product	Versions
Siemens	Solid Edge SE2025	0
Siemens	NX V2412	0
Siemens	Solid Edge SE2026	0
Siemens	Simcenter Femap	0
Siemens	NX V2506	0
Siemens	COMOS V10.6	0, 0
Siemens	Simcenter 3D	0

Timeline

Apr 16, 2025 CVE ID Reserved
Dec 9, 2025 EPSS Score
Dec 9, 2025 CVE Published
Dec 9, 2025 PoC Published
Dec 11, 2025 PoC Published
Dec 13, 2025 EPSS Score
Dec 13, 2025 PoC Published
Dec 16, 2025 EPSS Score
Dec 20, 2025 EPSS Score
Dec 24, 2025 EPSS Score
Dec 27, 2025 EPSS Score
Dec 31, 2025 EPSS Score

References

Open in Interactive Console →