Siemens Simcenter MITM via unvalidated client certs (preV3.5.8.2...)
CVE-2025-40745 Published on April 14, 2026
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2025-40745
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Software Center:- Before V3.5.8.2 is affected.
- Before V2506.6000 is affected.
- Before V2506.0002 is affected.
- Before V2602 is affected.
- Before V225.0 Update 13 is affected.
- Before V226.0 Update 04 is affected.
- Before V2504.0008 is affected.