CVE-2025-40767 | THREATINT

Description

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-12 | Assigner siemens

HIGH: 7.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

HIGH: 8.8CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-250: Execution with Unnecessary Privileges

Product status

Default status

unknown

Any version before V3.0

affected

References

cert-portal.siemens.com/productcert/html/ssa-517338.html

cve.org (CVE-2025-40767)

nvd.nist.gov (CVE-2025-40767)

Download JSON