CVE-2025-40945
Received Received - Intake

Path Traversal in Siemens IAM Client SDK

Vulnerability report for CVE-2025-40945, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Siemens AG

Description

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 16 associated CPEs
Vendor Product Version / Range
siemens comos to 10.4.5.0.2 (exc)
siemens comos to 10.6.1 (exc)
siemens designcenter_nx to 2512.7000 (exc)
siemens simcenter_3d to 2512.7000 (exc)
siemens simcenter_femap to 2506.0003 (exc)
siemens simcenter_femap to 2512.0002 (exc)
siemens simcenter_nastran to 2606 (exc)
siemens simcenter_star-ccm+ to 2606 (exc)
siemens solid_edge to 225.0_update_13 (exc)
siemens solid_edge to 226.0_update_04 (exc)
siemens teamcenter_visualization to 2412.0012 (exc)
siemens teamcenter_visualization to 2506.0009 (exc)
siemens teamcenter_visualization to 2512.2605 (exc)
siemens tecnomatix_plant_simulation to 2404.0022 (exc)
siemens tecnomatix_plant_simulation to 2504.0010 (exc)
siemens tecnomatix_process_simulate to 2606 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
AI Quick Actions have not been generated yet.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40945. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart