PatchSiren cyber security CVE debrief
CVE-2025-40772 Siemens CVE debrief
CVE-2025-40772 is a stored cross-site scripting (XSS) issue in Siemens SiPass integrated server applications. According to the advisory text supplied in the source corpus, successful exploitation can let an attacker execute malicious code in another user’s browser, impersonate users inside the application, and steal session data. Siemens/CISA assign the issue a CVSS 3.1 score of 7.4 (HIGH).
- Vendor
- Siemens
- Product
- SiPass integrated
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-10-14
- Original CVE updated
- 2026-02-12
- Advisory published
- 2025-10-14
- Advisory updated
- 2026-02-12
Who should care
Organizations running Siemens SiPass integrated, especially administrators and security teams responsible for the product’s server applications and any shared user-facing web interfaces.
Technical summary
The supplied advisory describes a stored XSS condition affecting Siemens SiPass integrated server applications. The attacker’s injected content is rendered to other users, creating a path to session theft and user impersonation. The provided CVSS vector is CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating that exploitation requires adjacent access, low attack complexity, low privileges, and user interaction, with high potential impact to confidentiality, integrity, and availability. The remediation data in the corpus calls for updating to V3.0 or later and restricting access to authorized and trusted personnel only.
Defensive priority
High. Prioritize remediation for any deployment where multiple users can access the affected server applications or where the interface is exposed beyond a tightly controlled trusted network.
Recommended defensive actions
- Update Siemens SiPass integrated to V3.0 or later using the vendor remediation guidance supplied in the advisory.
- Restrict access to authorized and trusted personnel only until remediation is complete.
- Review any user-supplied or operator-supplied fields in the affected interfaces for stored XSS handling weaknesses.
- Apply defense-in-depth controls recommended for industrial control system environments, including limiting exposure of management interfaces.
- Monitor for suspicious script content or unexpected browser-side behavior in affected application pages after remediation.
Evidence notes
All statements are drawn from the supplied CISA CSAF source item and its listed Siemens/CISA references. The corpus states a stored XSS vulnerability in Siemens SiPass integrated, the impact of session theft and impersonation, the CVSS 3.1 vector AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, and remediation to update to V3.0 or later plus access restriction. Published date used here is 2025-10-14; modified/republication context is 2026-02-12. The provided enrichment marks this as not listed in KEV.
Official resources
-
CVE-2025-40772 CVE record
CVE.org
-
CVE-2025-40772 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA ICS Advisory ICSA-25-289-06 on 2025-10-14. The supplied source metadata shows a latest CISA republication update on 2026-02-12 based on Siemens ProductCERT SSA-599451. No KEV listing is present in the provided sup