CVE-2025-23365
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-21
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | tia_administrator | to 3.0.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-23365 is a vulnerability in Siemens TIA Administrator versions prior to V3.0.6 that allows low-privileged users to escalate their privileges and execute arbitrary code. This is done by overwriting cache files and modifying the downloads path to trigger installations improperly. Essentially, an attacker with limited access can manipulate the application to run unauthorized code with higher privileges. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges to escalate their access rights and execute arbitrary code on the affected system. This could lead to unauthorized control over the system, potentially compromising sensitive data, disrupting operations, or enabling further attacks within the network. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update TIA Administrator to version V3.0.6 or later. Additionally, protect network access to devices using appropriate security mechanisms and configure the environment according to Siemens' operational guidelines for Industrial Security. [1]