CVE-2025-40765 · CRITICAL 9.8 · EPSS p39.2%

Description

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to log in to and perform authenticated operations of the database service.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.2% · 2026-06-19T12:03:05Z
Published: 2025-10-14
Last modified: 2025-10-21

Underlying weaknesses · 1

CWE-306

References

  1. https://cert-portal.siemens.com/productcert/html/ssa-062309.html

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-27540
  2. CVE-2025-30031
  3. CVE-2025-32475
  4. CVE-2025-30030
  5. CVE-2025-27539
  6. CVE-2025-30002

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.