CVE-2025-40737
CVE-2025-40737
In short
SINEC NMS doesn't properly check file paths when extracting ZIP files, allowing attackers to write files to protected system locations and potentially run malicious code with high privileges.
Technical detail
Path traversal vulnerability in ZIP extraction mechanism (CWE-22) allows unauthenticated or low-privileged attackers to bypass directory restrictions via specially crafted ZIP archives, potentially achieving arbitrary code execution with elevated privileges. Affected versions prior to V4.0 lack input validation on extracted file paths.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Siemens · SINEC NMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →