VDB
CVE-2025-40819
CVE-2025-40819
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.
EPSS 0.04% · 11.6th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.04%
11.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINEMA Remote Connect Server | 0 |
| siemens | sinema_remote_connect_server | 3.2, 3.2, 3.2 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40819 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-626856.html (circl)
Timeline
- Apr 16, 2025 CVE ID Reserved
- Dec 9, 2025 EPSS Score
- Dec 9, 2025 CVE Published
- Dec 9, 2025 CVE Updated
- Dec 11, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score