Untrusted Search Path Vulnerability in Siemens COMOS, Simcenter and Solid Edge Products
CVE-2025-40945

8.5HIGH

Key Information:

Vendor

Siemens

Vendor
CVE Published:
14 July 2026

What is CVE-2025-40945?

A vulnerability exists in various Siemens software, including COMOS and Simcenter products, due to an untrusted search path in the IAM Client SDK. This flaw allows authenticated users to potentially escalate their privileges within the system through local access, posing significant security risks. Users and administrators should apply necessary updates to mitigate these risks.

Affected Version(s)

COMOS V10.4.5 0

COMOS V10.6 0

Designcenter NX 0

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.