CVE-2025-40800
PUBLISHED
CVSS 7.4 HIGH
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
EPSS 0.02% · 4.5th percentile
Risk Scores
CVSS 3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.02%
4.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Solid Edge SE2025 | 0 |
| Siemens | NX V2412 | 0 |
| Siemens | Solid Edge SE2026 | 0 |
| Siemens | Simcenter Femap | 0 |
| Siemens | NX V2506 | 0 |
| Siemens | COMOS V10.6 | 0, 0 |
| Siemens | Simcenter 3D | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40800 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-868571.html (circl)
- https://cert-portal.siemens.com/productcert/html/ssa-212953.html (circl)
Timeline
- Apr 16, 2025 CVE ID Reserved
- Dec 9, 2025 EPSS Score
- Dec 9, 2025 CVE Published
- Dec 9, 2025 PoC Published
- Dec 11, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 13, 2025 PoC Published
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score