CVE-2025-40765_CVE-2025-40765

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

AI Analysis

AI processing failed - returned non-JSON response

Basic Information

ID CVE-2025-40765

Source siemens

Published Oct 14, 2025 at 09:15

Affected Product

Vendor Siemens

Product TeleControl Server Basic V3.1

Version V3.1.2.2

Affected Versions Siemens TeleControl Server Basic V3.1 V3.1.2.2

CWE Classification

CWE-306

References

cert-portal.siemens.com /productcert/html/ssa-062309.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.",
    "published": "2025-10-14T09:15:16.351Z",
    "modified": "2025-10-14T09:15:16.351Z",
    "type": "cve",
    "title": "CVE-2025-40765",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-062309.html",
    "id": "CVE-2025-40765",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Siemens TeleControl Server Basic V3.1 V3.1.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TeleControl Server Basic V3.1",
    "version": "V3.1.2.2",
    "vendor": "Siemens",
    "ai_description": "AI processing failed - returned non-JSON response",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}