CVE-2025-40758

{"id": "CVE-2025-40758", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.2}]}, "published": "2025-08-14T15:15:36.133", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-395458.html", "source": "productcert@siemens.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Mendix SAML (compatible con Mendix 10.12) (todas las versiones anteriores a la V4.0.3), Mendix SAML (compatible con Mendix 10.21) (todas las versiones anteriores a la V4.1.2) y Mendix SAML (compatible con Mendix 9.24) (todas las versiones anteriores a la V3.6.21). Las versiones afectadas del m\u00f3dulo no aplican correctamente la validaci\u00f3n de firmas ni las comprobaciones de vinculaci\u00f3n. Esto podr\u00eda permitir que atacantes remotos no autenticados secuestren una cuenta en configuraciones de SSO espec\u00edficas."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productcert@siemens.com"}