SQL Injection Vulnerability in SINEC NMS by Siemens
CVE-2025-40755
8.7HIGH
What is CVE-2025-40755?
A vulnerability exists in SINEC NMS for all versions prior to V4.0 SP1, allowing authenticated low privileged attackers to exploit the getTotalAndFilterCounts endpoint. This SQL injection vulnerability can enable attackers to insert malicious data, potentially leading to privilege escalation and unauthorized access to sensitive information.
Affected Version(s)
SINEC NMS 0
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved