CVE-2025-40738
In short
SINEC NMS has a flaw where uploaded ZIP files aren't checked properly, allowing attackers to write files anywhere on the system, potentially gaining control of the application with high privileges.
Technical detail
Path traversal vulnerability in ZIP extraction routine (CWE-22) affecting SINEC NMS versions before 4.0. Attacker can upload a crafted ZIP archive with directory traversal sequences; improper path validation during extraction enables arbitrary file write to restricted locations, potentially leading to privilege escalation and code execution.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Siemens · SINEC NMS