Code Execution Flaw in Siemens License Server Affects All Versions Before 4.3
CVE-2025-29999

5.4MEDIUM

Key Information:

Vendor: Siemens
Status: Siemens License Server (sls)
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-29999?

A flaw has been identified in Siemens License Server that permits execution of arbitrary code with administrative privileges. This vulnerability arises from the application's inadequate validation when searching for executable files within its own directory. An attacker can exploit this weakness by placing a malicious executable in the application folder, potentially compromising the system's security.

Affected Version(s)

Siemens License Server (SLS) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5254...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 13, 2025