CVE 8.8 HIGH

CVE-2026-25654_CVE-2026-25654

April 14, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

AI Analysis

A vulnerability in SINEC NMS allows an authenticated remote attacker to bypass authorization checks and reset the password of any arbitrary user account.

Basic Information

ID CVE-2026-25654

Source siemens

Published Apr 14, 2026 at 08:40

Affected Product

Vendor Siemens

Product SINEC NMS

Affected Versions Siemens SINEC NMS 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Siemens

Product SINEC NMS

Version All versions < V4.0 SP3

References

cert-portal.siemens.com /productcert/html/ssa-605717.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.",
    "published": "2026-04-14T08:40:41.053Z",
    "modified": "2026-04-14T08:40:41.053Z",
    "type": "cve",
    "title": "CVE-2026-25654",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-605717.html",
    "id": "CVE-2026-25654",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Siemens SINEC NMS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SINEC NMS",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "A vulnerability in SINEC NMS allows an authenticated remote attacker to bypass authorization checks and reset the password of any arbitrary user account.",
    "ai_severity": "High",
    "ai_vendor": "Siemens",
    "ai_product": "SINEC NMS",
    "ai_version": "All versions < V4.0 SP3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply