Common Weakness Enumeration

CWE-598

Allowed

Use of HTTP Request With Sensitive Query String

Abstraction: Variant · Status: Draft

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

139 vulnerabilities reference this CWE, most recent first.

CVE-2025-52901 (GCVE-0-2025-52901)

Vulnerability from cvelistv5 – Published: 2025-06-30 19:56 – Updated: 2025-08-04 17:22
VLAI
Title
File Browser allows sensitive data to be transferred in URL
Summary
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
Impacted products
Vendor Product Version
filebrowser filebrowser Affected: < 2.33.9
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52901",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T20:25:07.286948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T20:25:15.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "filebrowser",
          "vendor": "filebrowser",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.33.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user\u0027s account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T17:22:39.525Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-rmwh-g367-mj4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-rmwh-g367-mj4x"
        },
        {
          "name": "https://github.com/filebrowser/filebrowser/commit/d5b39a14fd3fc0d1c364116b41289484df7c27b2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/filebrowser/filebrowser/commit/d5b39a14fd3fc0d1c364116b41289484df7c27b2"
        },
        {
          "name": "https://github.com/filebrowser/filebrowser/releases/tag/v2.33.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.33.9"
        },
        {
          "name": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-03_Filebrowser_Sensitive_Data_Transferred_In_URL",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-03_Filebrowser_Sensitive_Data_Transferred_In_URL"
        }
      ],
      "source": {
        "advisory": "GHSA-rmwh-g367-mj4x",
        "discovery": "UNKNOWN"
      },
      "title": "File Browser allows sensitive data to be transferred in URL"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52901",
    "datePublished": "2025-06-30T19:56:25.114Z",
    "dateReserved": "2025-06-20T17:42:25.711Z",
    "dateUpdated": "2025-08-04T17:22:39.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49188 (GCVE-0-2025-49188)

Vulnerability from cvelistv5 – Published: 2025-06-12 14:02 – Updated: 2025-06-17 19:04
VLAI
Title
Sensitive Data in URL
Summary
The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
URL Tags
https://sick.com/psirt x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_… x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisory
https://www.sick.com/.well-known/csaf/white/2025/… vendor-advisoryx_csaf
Impacted products
Vendor Product Version
SICK AG SICK Field Analytics Affected: all versions (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-12T14:14:35.551923Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T19:04:38.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SICK Field Analytics",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "all versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ccode\u003eThe application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.\u003c/code\u003e"
            }
          ],
          "value": "The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T14:02:36.838Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Website"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_csaf"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
        }
      ],
      "source": {
        "advisory": "sca-2025-0007",
        "discovery": "INTERNAL"
      },
      "title": "Sensitive Data in URL",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
            }
          ],
          "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2025-49188",
    "datePublished": "2025-06-12T14:02:36.838Z",
    "dateReserved": "2025-06-03T05:55:52.772Z",
    "dateUpdated": "2025-06-17T19:04:38.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41772 (GCVE-0-2025-41772)

Vulnerability from cvelistv5 – Published: 2026-03-09 08:18 – Updated: 2026-03-09 18:18
VLAI
Title
wwwupdate.cgi Session token in URL
Summary
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
Impacted products
Vendor Product Version
MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
Create a notification for this product.
MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
Create a notification for this product.
MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
Create a notification for this product.
Credits
Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T18:17:43.406586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T18:18:41.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UBR-01 Mk II",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "6.0.1.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UBR-02",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "6.0.1.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UBR-LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "6.0.1.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Adrien Rey from Cyber Defense Campus Zurich"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Hulliger from Armasuisse"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T08:18:49.918Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.mbs-solutions.de/mbs-2025-0001"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#641895"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "wwwupdate.cgi Session token in URL",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41772",
    "datePublished": "2026-03-09T08:18:49.918Z",
    "dateReserved": "2025-04-16T11:18:45.761Z",
    "dateUpdated": "2026-03-09T18:18:41.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40742 (GCVE-0-2025-40742)

Vulnerability from cvelistv5 – Published: 2025-07-08 10:35 – Updated: 2026-05-12 08:20
VLAI
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions < V11.0), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
Impacted products
Vendor Product Version
Siemens SIPROTEC 5 6MD84 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD89 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD89 (CP300) V9.6x Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MU85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7KE85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7KE85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA84 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA87 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA87 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD84 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD87 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD87 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ81 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ81 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL87 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL87 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SS85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SS85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SX82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SX85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SY82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UM85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT82 (CP100) Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT82 (CP150) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT85 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT86 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT86 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT87 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT87 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VE85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VK87 (CP200) Unaffected: 0 , < * (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VK87 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VU85 (CP300) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Compact 7SX800 (CP050) Affected: 0 , < V11.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T20:32:17.016526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T20:32:25.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD84 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300) V9.6x",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7KE85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7KE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA84 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA87 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD84 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD87 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL87 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SS85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SS85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SY82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UM85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT85 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT86 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT87 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VK87 (CP200)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VK87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V11.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 6MD89 (CP300) (All versions \u003c V11.0), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions \u003c V11.0), SIPROTEC 5 6MU85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7UM85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7VE85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions \u003c V11.0), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V11.0). The affected devices include session identifiers in URL requests for certain functionalities. This could allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:20:43.164Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-904646.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40742",
    "datePublished": "2025-07-08T10:35:02.095Z",
    "dateReserved": "2025-04-16T08:39:30.029Z",
    "dateUpdated": "2026-05-12T08:20:43.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36371 (GCVE-0-2025-36371)

Vulnerability from cvelistv5 – Published: 2025-11-19 19:45 – Updated: 2025-11-19 20:18
VLAI
Title
IBM i Information Disclosure
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.  A user with access to the database plan cache could see information they do not have authority to view.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7251699 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM i Affected: 7.6
Affected: 7.5
Affected: 7.4
Affected: 7.3
Affected: 7.2
    cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36371",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:18:24.302321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:18:56.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
          ],
          "product": "i",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.4"
            },
            {
              "status": "affected",
              "version": "7.3"
            },
            {
              "status": "affected",
              "version": "7.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.\u0026nbsp; A user with access to the database plan cache could see information they do not have authority to view.\u003c/p\u003e"
            }
          ],
          "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.\u00a0 A user with access to the database plan cache could see information they do not have authority to view."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T19:45:31.840Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7251699"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 MJ07546 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07546 7.5 MJ07605 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07605 7.4 MJ07545 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07545 7.3 MJ07557 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07557 7.2 MJ07567 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07567 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product.\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 MJ07546 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07546 7.5 MJ07605 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07605 7.4 MJ07545 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07545 7.3 MJ07557 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07557 7.2 MJ07567 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07567 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product."
        }
      ],
      "title": "IBM i Information Disclosure",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36371",
    "datePublished": "2025-11-19T19:45:31.840Z",
    "dateReserved": "2025-04-15T21:16:56.324Z",
    "dateUpdated": "2025-11-19T20:18:56.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-32916 (GCVE-0-2025-32916)

Vulnerability from cvelistv5 – Published: 2025-10-09 15:00 – Updated: 2025-10-14 14:16
VLAI
Title
Sensitive form data in URL query parameters
Summary
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
Impacted products
Vendor Product Version
Checkmk GmbH Checkmk Affected: 2.4.0 , < 2.4.0p13 (semver)
Affected: 2.3.0 , < 2.3.0p38 (semver)
Affected: 2.2.0 , < 2.2.0p46 (semver)
Affected: 2.1.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T15:11:44.557098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T14:16:57.077Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Checkmk",
          "vendor": "Checkmk GmbH",
          "versions": [
            {
              "lessThan": "2.4.0p13",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.3.0p38",
              "status": "affected",
              "version": "2.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.2.0p46",
              "status": "affected",
              "version": "2.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Potential use of sensitive information in GET requests in Checkmk GmbH\u0027s Checkmk versions \u003c2.4.0p13, \u003c2.3.0p38, \u003c2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-560",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-560: Use of Known Domain Credentials"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T15:00:58.720Z",
        "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
        "shortName": "Checkmk"
      },
      "references": [
        {
          "url": "https://checkmk.com/werk/17105"
        }
      ],
      "title": "Sensitive form data in URL query parameters"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
    "assignerShortName": "Checkmk",
    "cveId": "CVE-2025-32916",
    "datePublished": "2025-10-09T15:00:58.720Z",
    "dateReserved": "2025-04-14T09:52:19.273Z",
    "dateUpdated": "2025-10-14T14:16:57.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32021 (GCVE-0-2025-32021)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:39 – Updated: 2025-04-16 14:49
VLAI
Title
Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
Impacted products
Vendor Product Version
WeblateOrg weblate Affected: < 5.11
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32021",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:40:58.239648Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T14:49:51.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "weblate",
          "vendor": "WeblateOrg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client\u0027s URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:39:09.253Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-m67m-3p5g-cw9j"
        },
        {
          "name": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.11"
        }
      ],
      "source": {
        "advisory": "GHSA-m67m-3p5g-cw9j",
        "discovery": "UNKNOWN"
      },
      "title": "Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32021",
    "datePublished": "2025-04-15T20:39:09.253Z",
    "dateReserved": "2025-04-01T21:57:32.955Z",
    "dateUpdated": "2025-04-16T14:49:51.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-31954 (GCVE-0-2025-31954)

Vulnerability from cvelistv5 – Published: 2025-11-05 18:23 – Updated: 2025-11-05 18:46
VLAI
Title
HCL iAutomate is susceptible to a sensitive information disclosure
Summary
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
HCL
Impacted products
Vendor Product Version
HCL Software iAutomate Affected: 6.5.1, 6.5.2
Create a notification for this product.
Date Public
2025-11-05 16:41
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-31954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T18:46:39.807561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T18:46:53.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iAutomate",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.1, 6.5.2"
            }
          ]
        }
      ],
      "datePublic": "2025-11-05T16:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure.  An HTTP GET method is used to process a request and includes sensitive information in the query string of that request.  An attacker could potentially access information or resources they were not intended to see. \u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure.  An HTTP GET method is used to process a request and includes sensitive information in the query string of that request.  An attacker could potentially access information or resources they were not intended to see."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-05T18:23:21.019Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0125011"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL iAutomate is susceptible to a sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2025-31954",
    "datePublished": "2025-11-05T18:23:21.019Z",
    "dateReserved": "2025-04-01T18:46:19.517Z",
    "dateUpdated": "2025-11-05T18:46:53.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-26473 (GCVE-0-2025-26473)

Vulnerability from cvelistv5 – Published: 2025-02-13 21:17 – Updated: 2025-02-14 15:47
VLAI
Title
Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings
Summary
The Mojave Inverter uses the GET method for sensitive information.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Outback Power Mojave Inverter Affected: All versions
Create a notification for this product.
Credits
Jon Hurtado of Sandia National Laboratory reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:37:18.360683Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:47:58.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mojave Inverter",
          "vendor": "Outback Power",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Hurtado of Sandia National Laboratory reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Mojave Inverter uses the GET method for sensitive information."
            }
          ],
          "value": "The Mojave Inverter uses the GET method for sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T21:17:46.586Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17"
        },
        {
          "url": "https://old.outbackpower.com/about-outback/contact/contact-us"
        }
      ],
      "source": {
        "advisory": "ICSA-25-044-17",
        "discovery": "EXTERNAL"
      },
      "title": "Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired.\n\n\u003cbr\u003e"
            }
          ],
          "value": "The Mojave Inverter was a product of Enersys. When Outback Power was \nsplit off from Enersys recently, Mojave Inverter was moved to Outback \nPower, but without the resources to maintain the product. Outback Power \nmay discontinue this product and has not yet addressed these \nvulnerabilities. CISA recommends disabling the networking features of \nthis product until a replacement product can be acquired."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-26473",
    "datePublished": "2025-02-13T21:17:46.586Z",
    "dateReserved": "2025-02-12T16:21:30.264Z",
    "dateUpdated": "2025-02-14T15:47:58.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22387 (GCVE-0-2025-22387)

Vulnerability from cvelistv5 – Published: 2025-01-04 00:00 – Updated: 2025-01-06 17:01
VLAI
Summary
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T17:00:44.332292Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T17:01:10.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-598",
              "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-04T02:06:18.617Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-22387",
    "datePublished": "2025-01-04T00:00:00.000Z",
    "dateReserved": "2025-01-04T00:00:00.000Z",
    "dateUpdated": "2025-01-06T17:01:10.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

When sending sensitive information, only include it in the request body or request headers instead of the query string. This may require avoiding use of GET requests.

No CAPEC attack patterns related to this CWE.