Vulnerability Description
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/html/ssa-001536.html
- https://cert-portal.siemens.com/productcert/html/ssa-014678.html
FAQ
What is CVE-2025-40805?
CVE-2025-40805 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima...
How severe is CVE-2025-40805?
CVE-2025-40805 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-40805?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.