What is CVE-2025-40765?

CVE-2025-40765 is a critical security vulnerability with a CVSS score of 9.3 in Siemens TeleControl Server Basic product. It is a Missing Authentication for Critical Function vulnerability that allows unauthenticated remote attackers to bypass authentication mechanisms entirely, obtain password hashes of legitimate users, and perform unauthorized database operations with full privileges, potentially leading to complete system compromise.

What Siemens products are affected by CVE-2025-40765?

The vulnerability impacts Siemens TeleControl Server Basic V3.1, specifically version V3.1.2.2 and all subsequent versions up to but not including V3.1.2.3. The TeleControl Server Basic is utilized in critical manufacturing sectors and is deployed worldwide.

What is the CVSS severity score for CVE-2025-40765?

CVE-2025-40765 has a CVSS score of 9.3, which indicates critical severity. This high score reflects the vulnerability's ability to allow unauthenticated remote attackers to completely bypass authentication, obtain password hashes, and execute database operations with full privileges without any user interaction required.

Do attackers need authentication to exploit CVE-2025-40765?

No, attackers do not need authentication to exploit CVE-2025-40765. The vulnerability is specifically a Missing Authentication for Critical Function issue that allows unauthenticated remote attackers to bypass authentication mechanisms entirely. This makes the vulnerability particularly dangerous as it can be exploited without any credentials or prior access.

What versions of Siemens TeleControl Server are vulnerable?

The vulnerability affects Siemens TeleControl Server Basic V3.1, specifically version V3.1.2.2 and all subsequent versions up to but not including V3.1.2.3. Version V3.1.2.3 and later versions have been patched and are not vulnerable.

What should organizations do about CVE-2025-40765?

Organizations running vulnerable versions of Siemens TeleControl Server Basic should update to version V3.1.2.3 or later as soon as possible. For organizations unable to immediately update, Siemens recommends restricting access to port 8000 on affected systems, limiting connectivity to trusted IP addresses only as a temporary mitigation measure.

What mitigation is available if immediate patching is not possible?

Organizations unable to immediately update to version V3.1.2.3 or later should restrict access to port 8000 on affected systems, limiting connectivity to trusted IP addresses only. This temporary mitigation can help reduce exposure while organizations plan and implement the permanent fix of updating to the patched version.

What industries use Siemens TeleControl Server Basic?

Siemens TeleControl Server Basic is utilized in critical manufacturing sectors and is deployed worldwide. Given its use in critical infrastructure and manufacturing, the vulnerability poses significant risks to industrial control systems and operational technology environments. Siemens is headquartered in Germany.

What type of vulnerability is CVE-2025-40765?

CVE-2025-40765 is classified as a Missing Authentication for Critical Function vulnerability. This type of vulnerability occurs when a system fails to properly authenticate users before granting access to critical functions, in this case allowing unauthenticated attackers to obtain password hashes and perform database operations that should require proper authentication.

What port should be protected to mitigate CVE-2025-40765?

Organizations should restrict access to port 8000 on affected Siemens TeleControl Server Basic systems. Limiting connectivity on this port to trusted IP addresses only can help mitigate the risk while organizations prepare to update to the patched version V3.1.2.3 or later.

Why is CVE-2025-40765 considered critical?

CVE-2025-40765 is considered critical with a CVSS score of 9.3 because it allows unauthenticated remote attackers to completely bypass authentication mechanisms, obtain sensitive password hashes, and execute database operations with full privileges. The vulnerability requires no authentication, no user interaction, and can lead to complete system compromise. Its presence in critical manufacturing infrastructure worldwide makes it particularly serious.

Advisory

Critical authentication bypass flaw reported in Siemens TeleControl Server Basic

Q: What can attackers do by exploiting CVE-2025-40765?

Attackers exploiting CVE-2025-40765 can bypass authentication mechanisms entirely and gain access to sensitive password hashes of legitimate users. Once obtained, these credentials can be used to authenticate to the database service and execute operations with full privileges, potentially leading to complete system compromise. This allows unauthorized database operations and full control over the affected system.

Q: Has Siemens patched CVE-2025-40765?

Yes, Siemens has patched the vulnerability. Siemens TeleControl Server Basic V3.1 version V3.1.2.3 and later versions are not affected by this vulnerability. Organizations running vulnerable versions should update to version V3.1.2.3 or later as soon as possible to protect their systems.

published: Oct. 16, 2025

Take action: If you're using Siemens TeleControl Server Basic V3.1, make sure it's isolated from the internet and accessible only from trusted networks. Then plan an update to V3.1.2.3 or later, or restrict access to port 8000 as a temporary workaround since an attacker can steal legitimate passwords and log in.

Learn More

Siemens has patched a critical security vulnerability in its TeleControl Server Basic product that could allow unauthenticated remote attackers to obtain password hashes and perform unauthorized database operations.

The vulnerability is tracked as CVE-2025-40765 (CVSS score 9.3), a Missing Authentication for Critical Function vulnerability that enables attackers to bypass authentication mechanisms entirely, gaining access to sensitive password hashes of legitimate users. Once obtained, these credentials can be used to authenticate to the database service and execute operations with full privileges, potentially leading to complete system compromise.

The vulnerability impacts Siemens TeleControl Server Basic V3.1, version V3.1.2.2 and all subsequent versions up to V3.1.2.3. The TeleControl Server Basic is utilized in critical manufacturing sectors and is deployed worldwide, with Siemens headquartered in Germany.

Siemens TeleControl Server Basic V3.1 version V3.1.2.3 and later versions are not affected by this vulnerability. Organizations running vulnerable versions should update as soon as possible

Organizations unable to immediately update to version V3.1.2.3 or later should restrict access to port 8000 on affected systems, limiting connectivity to trusted IP addresses.

Critical authentication bypass flaw reported in Siemens TeleControl Server Basic

Read More
Siemens releases January patch, including fixes for 7 …
Security vulnerabilities reported in Kaleris Navis N4 terminal …
CISA reports actively exploted flaw in Digiever Network …
Rockwell Automation patches critical flaws in ThinManager ThinServer
Multiple Vulnerabilities Reported in EVMAPA Electric Vehicle Charging …