CVE-2025-40744

HIGH

Solid Edge SE2025 <V225.0 Update 11 - Man in the Middle

Title source: llm

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-522291.html

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 6.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-295

Status published

Products (1)

Siemens/Solid Edge SE2025 < V225.0 Update 11

Published Nov 11, 2025

Tracked Since Feb 18, 2026