SiPass Integrated XSS Vulnerability (All < V3.0) allows Session Theft
CVE-2025-40772 Published on October 14, 2025

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.


Weakness Type

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2025-40772 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2025-40772


Affected Versions

Siemens SiPass integrated:

Exploit Probability

EPSS: 0.02%
Percentile: 5.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.