Broken Access Control in SiPass Integrated by Siemens
CVE-2025-40773

5.1MEDIUM

Key Information:

Vendor: Siemens
Status: Sipass Integrated
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-40773?

A broken access control vulnerability exists in SiPass integrated versions prior to 3.0. This flaw allows attackers to bypass authorization mechanisms due to insufficient server-side checks. Exploitation of this vulnerability could lead to unauthorized access, enabling attackers to execute specific API requests and manipulate data belonging to other users. It's crucial for users of SiPass integrated to reinforce their security measures to mitigate potential risks.

Affected Version(s)

SiPass integrated 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5994...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

JSON