CVE-2025-40772 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, discovered in Siemens SiPass integrated server applications in all versions prior to 3.0. The vulnerability arises from improper neutralization of user-supplied input during web page generation, allowing attackers to inject malicious JavaScript code that is stored on the server and executed in the browsers of other users who access the affected pages. The attack vector is remote with low attack complexity and requires low privileges but does require user interaction (victims visiting the maliciously crafted page). Successful exploitation enables attackers to impersonate legitimate users by stealing session cookies or tokens, potentially leading to unauthorized access and privilege escalation within the SiPass integrated environment. The CVSS v3.1 base score is 7.4, reflecting high impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the vulnerability poses a significant risk due to the critical nature of SiPass integrated in managing physical access control systems. The lack of an official patch at the time of publication necessitates immediate mitigation efforts. This vulnerability highlights the risks associated with insufficient input sanitization in web applications that manage sensitive security functions.

For European organizations, the impact of CVE-2025-40772 can be severe, especially for those relying on Siemens SiPass integrated for physical access control in critical infrastructure, government facilities, and large enterprises. Exploitation could lead to unauthorized access to secure areas by compromising user sessions and escalating privileges within the system. This undermines both physical and logical security, potentially allowing attackers to bypass security controls, access sensitive data, or disrupt operations. The confidentiality of user credentials and session data is at high risk, as is the integrity of access control policies. Availability could also be affected if attackers manipulate or disable access controls. Given the widespread use of Siemens security products across Europe, the vulnerability could have cascading effects on national security, industrial operations, and corporate environments. The requirement for user interaction limits automated mass exploitation but targeted attacks against high-value users remain a significant threat.

Organizations should immediately audit their SiPass integrated deployments to identify affected versions and restrict access to the management interfaces. Until an official patch is released, implement strict input validation and output encoding on all user-supplied data within the application, focusing on areas where user input is reflected in web pages. Deploy Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting SiPass integrated. Limit user privileges to the minimum necessary to reduce the impact of compromised accounts. Educate users about the risks of clicking on untrusted links or interacting with suspicious content within the SiPass environment. Monitor logs for unusual activity indicative of XSS exploitation attempts. Coordinate with Siemens for timely updates and apply patches as soon as they become available. Consider network segmentation to isolate SiPass integrated servers from less trusted networks. Finally, conduct penetration testing focused on XSS vulnerabilities to validate the effectiveness of mitigations.