Severity
High
Analysis Summary
CVE-2025-40758
Siemens Mendix SAML could allow a remote attacker to hijack an account in specific SSO configurations, caused by insufficiently enforced signature validation and binding checks.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-40758
Affected Vendors
Siemens
Affected Products
- Siemens Mendix SAML (Mendix 10.12 compatible)
- Siemens Mendix SAML (Mendix 10.21 compatible)
- Siemens Mendix SAML (Mendix 9.24 compatible)
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.

