PT-2025-49832
Published: 2025-12-09 · Updated: 2026-01-05
CVE-2025-40800
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
COMOS versions prior to V10.6
NX versions prior to V2412.8700
NX versions prior to V2506.6000
Simcenter 3D versions prior to V2506.6000
Simcenter Femap versions prior to V2506.0002
Solid Edge SE2025 versions prior to V225.0 Update 10
Solid Edge SE2026 versions prior to V226.0 Update 1
Description
The IAM client in the affected products lacks proper server certificate validation when creating TLS connections to the authorization server. This condition could enable an attacker to conduct a man-in-the-middle attack.
Recommendations
Update COMOS to a version later than V10.6.
Update NX to a version later than V2412.8700.
Update NX to a version later than V2506.6000.
Update Simcenter 3D to a version later than V2506.6000.
Update Simcenter Femap to a version later than V2506.0002.
Update Solid Edge SE2025 to a version later than V225.0 Update 10.
Update Solid Edge SE2026 to a version later than V226.0 Update 1.
Fix
Improper Certificate Validation
Affected Products
COMOS
NX
Simcenter 3D
Simcenter Femap
Solid Edge SE2025
Solid Edge SE2026