Advisory Details

July 8th, 2025

Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability

CVE ID	CVE-2025-40737
CVSS SCORE	8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AFFECTED VENDORS	Siemens
AFFECTED PRODUCTS	SINEC NMS
VULNERABILITY DETAILS	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the unZipJarFilestoLocation method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE.
ADDITIONAL DETAILS	Siemens has issued an update to correct this vulnerability. More details can be found at: https://cert-portal.siemens.com/productcert/html/ssa-078892.html
DISCLOSURE TIMELINE	2025-04-10 - Vulnerability reported to vendor 2025-07-08 - Coordinated public release of advisory 2025-07-08 - Advisory Updated
CREDIT	Anonymous

BACK TO ADVISORIES