DLL Hijacking Vulnerability in Siemens Installation Component
CVE-2025-30033

8.5HIGH

Key Information:

Vendor: Siemens
Status: Automation License Manager V6.0; Automation License Manager V6.2; Cemat V10.0; Cp Ptp Param Configuring Interface
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-30033?

The Siemens Installation Component has a vulnerability that can be exploited through DLL hijacking. This security flaw allows attackers to execute arbitrary code when a legitimate user installs an application that relies on the affected component. Adopting secure coding practices and validating DLL sources are imperative to mitigate this issue. Users should ensure they are using the latest versions and apply vendor-recommended security updates.

Affected Version(s)

Automation License Manager V6.0 0

Automation License Manager V6.2 0

CEMAT V10.0 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2820...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Mar 14, 2025