Vulnerabilities ›

CVE-2025-40833

High

CWE-476 — Weakness Type

                    Published: May 12, 2026                      ·  Modified: May 19, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

🤖 AI Executive Summary

CVE-2025-40833 is a null pointer dereference vulnerability in network devices that processes IPv4 requests, allowing attackers to cause denial of service. Manual system restart is required for recovery.

📄 Description (Arabic)

تحتوي الأجهزة المتأثرة على ثغرة إلغاء مؤشر فارغ عند معالجة طلبات IPv4 المصممة خصيصاً. يمكن للمهاجمين استغلال هذه الثغرة لإحداث حالة رفض الخدمة. يتطلب التعافي من هذا الهجوم إعادة تشغيل يدوية للنظام.

🤖 ملخص تنفيذي (AI)

This vulnerability affects network devices processing IPv4 requests and can be exploited to cause service disruption through specially crafted packets. System recovery requires manual intervention and restart.

🤖 AI Intelligence Analysis Analyzed: May 15, 2026 01:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom energy government banking healthcare

🎯 MITRE ATT&CK Techniques

T1499.004 T1561.002 T1499

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Apply manufacturer security patches immediately, implement network segmentation to restrict IPv4 traffic sources, deploy intrusion detection systems to monitor for malicious IPv4 packets, and establish incident response procedures for rapid system restart and recovery.

🔧 خطوات المعالجة (العربية)

تطبيق تصحيحات الأمان من المصنع فوراً، تنفيذ تقسيم الشبكة لتقييد مصادر حركة IPv4، نشر أنظمة كشف التسلل لمراقبة الحزم الضارة، وإنشاء إجراءات الاستجابة السريعة لإعادة تشغيل النظام.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1 2.2 4.1

🔵 SAMA CSF

ID.BE-5 PR.PT-1 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.13.1.1

🔗 References & Sources 1

🔗

https://cert-portal.siemens.com/productcert/html/ssa-392349.html

productcert@siemens.com

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-476

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-12

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-476

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-40833

Introduce Yourself

Sign In Required