CVE-2025-40745 | THREATINT

Description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

PUBLISHED Reserved 2025-04-16 | Published 2026-04-14 | Updated 2026-04-14 | Assigner siemens

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status

unknown

Any version before V3.5.8.2

affected

Default status

unknown

Any version before V2506.6000

affected

Default status

unknown

Any version before V2506.0002

affected

Default status

unknown

Any version before V2602

affected

Default status

unknown

Any version before V225.0 Update 13

affected

Default status

unknown

Any version before V226.0 Update 04

affected

Default status

unknown

Any version before V2504.0008

affected

References

cert-portal.siemens.com/productcert/html/ssa-981622.html

cve.org (CVE-2025-40745)

nvd.nist.gov (CVE-2025-40745)

Download JSON