{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40571", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2025-04-16T08:20:17.031Z", "datePublished": "2025-05-13T09:38:54.270Z", "dateUpdated": "2026-04-14T08:40:36.908Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:36.908Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions < V3.3.1), Mendix OIDC SSO V4.2 (Mendix 10 compatible) (All versions < V4.2.1), Mendix OIDC SSO V4.3 (Mendix 10 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development."}], "affected": [{"vendor": "Siemens", "product": "Mendix OIDC SSO (Mendix 10.12 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO (Mendix 9 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.3.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO V4.2 (Mendix 10 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO V4.3 (Mendix 10 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.2, "baseSeverity": "LOW"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseScore": 2.1, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-726617.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T18:45:08.655344Z", "id": "CVE-2025-40571", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T18:46:17.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-40571", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T18:45:08.655344Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T18:45:58.635Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "Mendix OIDC SSO (Mendix 10.12 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO (Mendix 9 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.3.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO V4.2 (Mendix 10 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Mendix OIDC SSO V4.3 (Mendix 10 compatible)", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-726617.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions < V3.3.1), Mendix OIDC SSO V4.2 (Mendix 10 compatible) (All versions < V4.2.1), Mendix OIDC SSO V4.3 (Mendix 10 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:36.908Z"}}}, "cveMetadata": {"cveId": "CVE-2025-40571", "state": "PUBLISHED", "dateUpdated": "2026-04-14T08:40:36.908Z", "dateReserved": "2025-04-16T08:20:17.031Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2025-05-13T09:38:54.270Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions < V3.3.1), Mendix OIDC SSO V4.2 (Mendix 10 compatible) (All versions < V4.2.1), Mendix OIDC SSO V4.3 (Mendix 10 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Mendix OIDC SSO (compatible con Mendix 10) (todas las versiones anteriores a la V4.0.0) y Mendix OIDC SSO (compatible con Mendix 9) (todas las versiones). El m\u00f3dulo Mendix OIDC SSO otorga acceso de lectura y escritura a todos los tokens exclusivamente al rol de administrador, lo que podr\u00eda provocar un uso indebido de privilegios por parte de un atacante que modifique el m\u00f3dulo durante el desarrollo de Mendix."}], "id": "CVE-2025-40571", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2025-05-13T10:15:26.373", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-726617.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:50:39.063609+00:00", "value": {"mitigation_remediation": ["Apply the latest patch or upgrade to a version of the Mendix OIDC SSO module that addresses the privilege assignment issue (e.g., V4.0.1 or newer for Mendix 10.12 compatible, V3.3.1 or newer for Mendix 9 compatible, V4.2.1 or newer for V4.2, and the latest V4.3 releases).", "Restrict the ability of the Administrator role or developers to modify the OIDC SSO module during development and deployment, enforcing least privilege on code changes.", "Monitor and audit all changes to the Mendix OIDC SSO module and log token access patterns to detect any unauthorized or anomalous token manipulation."], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected products include Siemens Mendix OIDC SSO for Mendix 10.12 compatible, Siemens Mendix OIDC SSO for Mendix 9 compatible, Siemens Mendix OIDC SSO V4.2 (compatible with Mendix 10) and Siemens Mendix OIDC SSO V4.3 (compatible with Mendix 10). The vulnerability applies to all versions of these modules that are older than V4.0.1 for the 10.12 compatible releases, older than V3.3.1 for the 9 compatible releases, older than V4.2.1 for the V4.2 releases, and to all public releases of V4.3.", "description_and_impact": "The Mendix OIDC SSO module grants users in the Administrator role full read and write access to all authentication tokens. This privileged access allows an attacker who can modify the module code during the Mendix development process to abuse token privileges, potentially altering or forging tokens used for user authentication. The weakness is a classic privilege or access control issue (CWE\u2011266), which limits the ability of compromised administrators to misappropriate token credentials.", "risk_and_exploitability": "With a CVSS score of 2.1 and an EPSS score under 1%, the likelihood of exploitation is very low and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to require an authenticated user with Administrator or developer privileges who can modify the OIDC SSO module during the application life cycle; external network exploitation is unlikely based on the supplied description."}}}}, "created": "2026-04-21T21:00:36.005259+00:00", "title": "Privilege Misuse via Administrator Token Access in Mendix OIDC SSO", "updated": "2026-04-21T21:00:36.005286+00:00", "vendors": []}