SINEC NMS < V4.0 SP3 Auth Bypass in Password Reset
CVE-2026-25654 Published on April 14, 2026

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2026-25654 has been classified as an Insecure Direct Object Reference / IDOR vulnerability or weakness.
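
The weakness class described above, shown as a generic password reset handler without and with the server-side authorization check. This is an added example, not code from SINEC NMS or from the advisory; the Session type, the role names, the sample accounts and the policy that an admin may reset other accounts are all assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class Session:            # hypothetical: identity established at login
    user_id: int
    role: str             # "admin" or "operator" (constructed roles)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _store(users: dict, uid: int, password: str) -> None:
    salt = os.urandom(16)
    users[uid] = (salt, _hash(password, salt))

def make_users() -> dict:
    # Constructed sample accounts: id -> (salt, password hash)
    users = {}
    for uid, pw in ((1, "admin-initial"), (2, "alice-initial"), (3, "bob-initial")):
        _store(users, uid, pw)
    return users

def check_password(users: dict, uid: int, password: str) -> bool:
    salt, digest = users[uid]
    return hmac.compare_digest(digest, _hash(password, salt))

def reset_password_unchecked(users, session, target_id, new_password) -> bool:
    # Flawed form: the caller is authenticated, but target_id from the
    # request is never compared with the caller's identity or privileges.
    if target_id not in users:
        return False
    _store(users, target_id, new_password)
    return True

def reset_password_checked(users, session, target_id, new_password) -> bool:
    # Authorization is decided from the server-side session, not from
    # the key supplied in the request.
    allowed = session.user_id == target_id or session.role == "admin"
    if not allowed or target_id not in users:
        return False      # same answer for "forbidden" and "unknown id"
    _store(users, target_id, new_password)
    return True
```

The checked handler gives the same refusal for a forbidden target and an unknown one, so the response does not reveal which account ids exist.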


Products Associated with CVE-2026-25654


Affected Versions

Siemens SINEC NMS: