User Enumeration Vulnerability in Gridscale X Prepay by Siemens
CVE-2025-40806

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Gridscale X Prepay
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40806?

A vulnerability has been identified in Gridscale X Prepay versions prior to 4.2.1, allowing for user enumeration through distinguishable responses. This flaw may enable an unauthenticated remote attacker to ascertain valid usernames, thereby facilitating subsequent brute force attacks against the system. It is crucial for users of the affected product to implement necessary security measures to mitigate potential risks.

Affected Version(s)

Gridscale X Prepay 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3563...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON