cve-2025-40948
About this tag
CVE-2025-40948 is an authenticated remote file-read vulnerability in the JSON-RPC interface of Siemens Ruggedcom ROX devices, disclosed by Siemens and CISA in May 2026. The flaw affects multiple MX5000, RX1400, RX1500, RX1510, RX1524, RX1536, and RX5000 models running ROX versions before 2.17.1. It allows a logged-in remote user to read arbitrary operating-system files with root privileges, posing a significant risk in industrial networks for power, transport, and factory environments. Discussions on WindowsForum highlight that while not a wormable vulnerability, it represents a quiet breach of trust in the management plane, where real leverage often exists in critical infrastructure.
Siemens and CISA disclosed on May 12 and May 14, 2026, respectively, that Ruggedcom ROX devices before version 2.17.1 contain CVE-2025-40948, an authenticated remote file-read vulnerability in the web server’s JSON-RPC interface affecting multiple MX5000, RX1400, RX1500, RX1510, RX1524, RX1536...