Vulnerability Details CVE-2025-40830
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on server or sensor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 6.7
Products affected by CVE-2025-40830
-
cpe:2.3:a:siemens:sinec_security_monitor:*