ID
VAR-202510-0482
CVE
CVE-2025-40772
DESCRIPTION
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.
Trust: 1.0
sources:
NVD: CVE-2025-40772
AFFECTED PRODUCTS
| vendor: | siemens | model: | sipass integrated | scope: | lt | version: | 3.00 | Trust: 1.0 |
sources:
NVD: CVE-2025-40772
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-40772 //
NVD: CVE-2025-40772
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
sources:
NVD: CVE-2025-40772
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-599451 | Trust: 1.0 |
| db: | NVD | id: | CVE-2025-40772 | Trust: 1.0 |
sources:
NVD: CVE-2025-40772
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-599451.html | Trust: 1.0 |
sources:
NVD: CVE-2025-40772
SOURCES
| db: | NVD | id: | CVE-2025-40772 |
LAST UPDATE DATE
2025-10-16T23:34:08.450000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-40772 | date: | 2025-10-16T15:02:58.310 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-40772 | date: | 2025-10-14T10:15:38.470 |