CVE-2025-40585CRITICAL 9.9EPSS p24.2%

CVE-2025-40585CVE-2025-40585

Description

A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.

Scoring

CVSS 3.19.9 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
EPSS0.33% probability of exploitation · percentile 24.2% · 2026-06-19T12:03:05Z
Published2025-06-10
Last modified2026-04-15

Underlying weaknesses· 1

CWE-276

References

  1. https://cert-portal.siemens.com/productcert/html/ssa-345750.html

1

TypeTargetConfidenceTier
WeaknessIncorrect Default Permissionscwe-2760%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40805
CVE
CVE-2025-48466
CVE
CVE-2025-1960
CVE
CVE-2025-41656
CVE
CVE-2025-59601
CVE
CVE-2026-35075
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.