VDB
CVE-2025-40818
CVE-2025-40818
PUBLISHED
CVSS 3.299999952316284 LOW
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.
EPSS 0.01% · 2.0th percentile
Risk Scores
CVSS 3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.01%
2.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | sinema_remote_connect_server | 0, 3.2, 3.2 |
| Siemens | SINEMA Remote Connect Server | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40818 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-626856.html (circl)
Timeline
- Apr 16, 2025 CVE ID Reserved
- Dec 9, 2025 EPSS Score
- Dec 9, 2025 CVE Published
- Dec 9, 2025 CVE Updated
- Dec 11, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score