Info Disclosure in TeleControl Server Basic V3.1.1: Hash Leak (CVE-2025-40765)
CVE-2025-40765 Published on October 14, 2025
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users, log in to the database service, and perform authenticated operations on it.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2025-40765
Affected Versions
Siemens TeleControl Server Basic V3.1: versions from V3.1.2.2 up to, but not including, V3.1.2.3 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.