PT-2025-41881 · Siemens · Sinec Nms

Published 2025-10-14 · Updated 2025-11-25 · CVE-2025-40755

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Siemens SINEC NMS versions prior to 4.0 SP1

Description

A SQL injection flaw exists in SINEC NMS through the getTotalAndFilterCounts API endpoint. An authenticated attacker with low privileges can exploit this issue to insert data, manipulate data, gain unauthorized access, and escalate privileges. The vulnerability occurs because the getTotalAndFilterCounts endpoint does not adequately sanitize user-supplied input before processing it, allowing for the execution of arbitrary SQL commands.

Recommendations

Versions prior to 4.0 SP1 should be updated to version 4.0 SP1 or later.

Fix

LPE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-40755
ZDI-25-1021

Affected Products

Sinec Nms