Authorization Weakness in SINEC Security Monitor by Siemens
CVE-2025-40830
8.4 HIGH
What is CVE-2025-40830?
A vulnerability was identified in SINEC Security Monitor that is present in all versions prior to V4.10.0. The issue arises from insufficient authorization checks in the file_transfer feature of the ssmctl-client command. As a result, an authenticated but low-privileged local attacker may exploit this weakness to manipulate or access files on the server or sensor without appropriate permissions.
Affected Version(s)
SINEC Security Monitor 0
CVSS V4
Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved