Details of VAR-202507-0094

ID

VAR-202507-0094

CVE

CVE-2025-40740

TITLE

Siemens' Solid Edge Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-012078

DESCRIPTION

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. Siemens' Solid Edge Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Solid Edge SE2025 is a development software of Siemens, a German company

Trust: 2.16

sources: NVD: CVE-2025-40740 // JVNDB: JVNDB-2025-012078 // CNVD: CNVD-2025-16626

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16626

AFFECTED PRODUCTS

vendor:	siemens	model:	solid edge	scope:	lte	version:	se2025	Trust: 1.0
vendor:	siemens	model:	solid edge	scope:	eq	version:	se2025	Trust: 1.0
vendor:	シーメンス	model:	solid edge	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	solid edge	scope:	lte	version:	se2025 and earlier	Trust: 0.8
vendor:	シーメンス	model:	solid edge	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	solid edge	scope:	eq	version:	se2025	Trust: 0.8
vendor:	siemens	model:	solid edge se2025 update	scope:	lt	version:	v225.05	Trust: 0.6

sources: CNVD: CNVD-2025-16626 // JVNDB: JVNDB-2025-012078 // NVD: CVE-2025-40740

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-40740
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-012078
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-16626
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-16626
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2025-40740
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-012078
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16626 // JVNDB: JVNDB-2025-012078 // NVD: CVE-2025-40740

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-012078 // NVD: CVE-2025-40740

PATCH

title:

Patch for Siemens Solid Edge SE2025 out-of-bounds read vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/711156

Trust: 0.6

sources: CNVD: CNVD-2025-16626

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40740	Trust: 3.2
db:	SIEMENS	id:	SSA-091753	Trust: 2.4
db:	JVN	id:	JVNVU99667406	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-191-02	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-012078	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16626	Trust: 0.6

sources: CNVD: CNVD-2025-16626 // JVNDB: JVNDB-2025-012078 // NVD: CVE-2025-40740

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-091753.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu99667406/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40740	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-02	Trust: 0.8

sources: CNVD: CNVD-2025-16626 // JVNDB: JVNDB-2025-012078 // NVD: CVE-2025-40740

SOURCES

db:	CNVD	id:	CNVD-2025-16626
db:	JVNDB	id:	JVNDB-2025-012078
db:	NVD	id:	CVE-2025-40740

LAST UPDATE DATE

2025-08-23T23:07:00.223000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16626	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-012078	date:	2025-08-22T06:01:00
db:	NVD	id:	CVE-2025-40740	date:	2025-08-21T14:42:11.767

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16626	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-012078	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-40740	date:	2025-07-08T11:15:30.560