Home

Description

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

PUBLISHED Reserved 2025-04-16 | Published 2026-07-14 | Updated 2026-07-14 | Assigner siemens




MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-426: Untrusted Search Path

Product status

Default status
unknown

Any version before V10.4.5.0.2
affected

Default status
unknown

Any version before V10.6.1
affected

Default status
unknown

Any version before V2512.7000
affected

Default status
unknown

Any version before V2512.7000
affected

Default status
unknown

Any version before V2506.0003
affected

Default status
unknown

Any version before V2512.0002
affected

Default status
unknown

Any version before V2606
affected

Default status
unknown

Any version before V2606
affected

Default status
unknown

Any version before V225.0 Update 13
affected

Default status
unknown

Any version before V226.0 Update 04
affected

Default status
unknown

Any version before V2412.0012
affected

Default status
unknown

Any version before V2506.0009
affected

Default status
unknown

Any version before V2512.2605
affected

Default status
unknown

Any version before V2404.0022
affected

Default status
unknown

Any version before V2504.0010
affected

Default status
unknown

Any version before V2606
affected

References

cert-portal.siemens.com/productcert/html/ssa-288252.html

cve.org (CVE-2025-40945)

nvd.nist.gov (CVE-2025-40945)

Download JSON