CVE-2026-25656

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 2.15.2.1 User Management Component (UMC) versions prior to 2.15.2.1

Description The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker to load malicious DLLs, potentially resulting in arbitrary code execution with SYSTEM privileges.

Recommendations Update SINEC NMS to version 2.15.2.1 or later. Update User Management Component (UMC) to version 2.15.2.1 or later.

Fix

LPE

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

BDU:2026-05799

CVE-2026-25656

ZDI-26-132

Affected Products

Sinec Nms

User Management

CVE-2026-25656

Weakness Enumeration

Related Identifiers

Affected Products

References · 8