Siemens IAM Client SDK untrusted search path (< V10.6.1)
CVE-2025-40945 Published on July 14, 2026
A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2025-40945 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2025-40945
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens COMOS V10.4.5:- Before V10.4.5.0.2 is affected.
- Before V10.6.1 is affected.
- Before V2512.7000 is affected.
- Before V2512.7000 is affected.
- Before V2506.0003 is affected.
- Before V2512.0002 is affected.
- Before V2606 is affected.
- Before V2606 is affected.
- Before V225.0 Update 13 is affected.
- Before V226.0 Update 04 is affected.
- Before V2412.0012 is affected.
- Before V2506.0009 is affected.
- Before V2512.2605 is affected.
- Before V2404.0022 is affected.
- Before V2504.0010 is affected.
- Before V2606 is affected.