CVE-2025-40744 | THREATINT

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner siemens

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status

unknown

Any version before V225.0 Update 11

affected

References

cert-portal.siemens.com/productcert/html/ssa-522291.html

cve.org (CVE-2025-40744)

nvd.nist.gov (CVE-2025-40744)

Download JSON