PT-2025-28394 · Sinec Nms · Sinec Nms

Published 2025-07-08 · Updated 2025-07-09 · CVE-2025-40736

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0
Description: The affected application exposes an endpoint that allows unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application.
Recommendations: For versions prior to V4.0, update to version V4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the exposed endpoint to minimize the risk of exploitation. Avoid using the affected application until the issue is resolved.

Fix

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-08268
CVE-2025-40736
ZDI-25-574

Affected Products

Sinec Nms