SIMATIC RTLS Locating Manager RCE in backup script (pre-3.2)
CVE-2025-40746 Published on August 12, 2025

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2025-40746


Affected Versions

Siemens SIMATIC RTLS Locating Manager:

Exploit Probability

EPSS: 0.30%
Percentile: 52.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.