SQL Injection Vulnerability in SINEC NMS by Siemens
CVE-2025-40755

8.7HIGH

Key Information:

Vendor: Siemens
Status: Sinec Nms
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-40755?

A vulnerability exists in SINEC NMS for all versions prior to V4.0 SP1, allowing authenticated low privileged attackers to exploit the getTotalAndFilterCounts endpoint. This SQL injection vulnerability can enable attackers to insert malicious data, potentially leading to privilege escalation and unauthorized access to sensitive information.

Affected Version(s)

SINEC NMS 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3188...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

JSON