CVE-2025-40735

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0

Description: A vulnerability has been identified that makes the affected devices vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

Recommendations: For versions prior to V4.0, update to version V4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation. Avoid using user-input data in SQL queries until the issue is resolved.