CVE-2025-40592

🗓️ 12 Jun 2025 08:05:09Reported by siemensType

Vulnerability in Mendix Studio Pro allows file modification through malicious module installation.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the visual integrated development environment for creating Mendix Studio Pro applications arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to write arbitrary files.	17 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-40592	12 Jun 202508:33	–	circl
CNNVD	Mendix Studio Pro 路径遍历漏洞	12 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-40592	12 Jun 202508:05	–	cvelist
EUVD	EUVD-2025-18163	3 Oct 202520:07	–	euvd
ICS	Siemens Mendix Studio Pro	12 Jun 202500:00	–	ics
NVD	CVE-2025-40592	12 Jun 202508:15	–	nvd
Positive Technologies	PT-2025-25283 · Mendix · Mendix Studio Pro	12 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-40592	9 Jan 202609:16	–	redhatcve
Vulnrichment	CVE-2025-40592	12 Jun 202508:05	–	vulnrichment

[
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 10",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V10.23.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 10.12",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V10.12.17",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 10.18",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V10.18.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 10.6",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V10.6.24",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 11",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V11.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.18.35",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Mendix Studio Pro 9",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V9.24.35",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-627195.html

17 Jun 2026 09:21Current

6.4Medium risk

Vulners AI Score6.4

CVSS 44.6

CVSS 3.16.1

EPSS0.00395

SSVC

CWE-22