CVE-2025-40945
Received
Received - Intake
Path Traversal in Siemens IAM Client SDK
Vulnerability report for CVE-2025-40945, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: Siemens AG
Description
Description
A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | comos | to 10.4.5.0.2 (exc) |
| siemens | comos | to 10.6.1 (exc) |
| siemens | designcenter_nx | to 2512.7000 (exc) |
| siemens | simcenter_3d | to 2512.7000 (exc) |
| siemens | simcenter_femap | to 2506.0003 (exc) |
| siemens | simcenter_femap | to 2512.0002 (exc) |
| siemens | simcenter_nastran | to 2606 (exc) |
| siemens | simcenter_star-ccm+ | to 2606 (exc) |
| siemens | solid_edge | to 225.0_update_13 (exc) |
| siemens | solid_edge | to 226.0_update_04 (exc) |
| siemens | teamcenter_visualization | to 2412.0012 (exc) |
| siemens | teamcenter_visualization | to 2506.0009 (exc) |
| siemens | teamcenter_visualization | to 2512.2605 (exc) |
| siemens | tecnomatix_plant_simulation | to 2404.0022 (exc) |
| siemens | tecnomatix_plant_simulation | to 2504.0010 (exc) |
| siemens | tecnomatix_process_simulate | to 2606 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |