PT-2025-28395 · Sinec Nms · Sinec Nms

Published: 2025-07-08 · Updated: 2025-07-08 · CVE-2025-40737

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0
Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges.
Recommendations: For versions prior to V4.0, update to version V4.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload of ZIP files or implementing additional validation on file paths to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-08984
CVE-2025-40737
ZDI-25-575

Affected Products

Sinec Nms