Privilege Escalation Vulnerability in Siemens License Server
CVE-2025-30000

5.4MEDIUM

Key Information:

Vendor: Siemens
Status: Siemens License Server (sls)
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-30000?

A vulnerability has been discovered in the Siemens License Server (SLS) that allows users with lower privileges to escalate their permissions. This issue arises due to improper restrictions in user permission settings, potentially enabling attackers to gain unauthorized access to sensitive functionalities within the application. Even though the vulnerability applies to all versions prior to V4.3, it is critical for organizations utilizing the Siemens License Server to assess their systems and apply any necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Siemens License Server (SLS) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5254...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 13, 2025