Input Validation Flaw in RUGGEDCOM ROX Series by Siemens
CVE-2025-40948

6.1 MEDIUM

What is CVE-2025-40948?

An input validation vulnerability exists in the JSON-RPC interface of various RUGGEDCOM ROX devices from Siemens. The flaw allows an authenticated remote attacker to read files from the underlying operating system's filesystem with elevated privileges. To remediate, upgrade to version V2.17.1 or later.

Affected Version(s)

RUGGEDCOM ROX MX5000 0

RUGGEDCOM ROX MX5000RE 0

RUGGEDCOM ROX RX1400 0

CVSS V4

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
