Full Report
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role, which could result in privilege misuse by an adversary who modifies the module during Mendix development. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Incorrect Privilege Assignment in Mendix OIDC SSO Module
## CVE Details
- CVE ID: CVE-2025-40571
- CVSS Score: 2.2 (CVSS v3.1) / 2.1 (CVSS v4.0) (Low)
- CWE: CWE-266: Incorrect Privilege Assignment
## Affected Systems
- Products: Mendix OIDC SSO Module
- Versions:
  - Mendix 9 compatible versions: All versions prior to V3.3.0
  - Mendix 10 compatible versions: All versions prior to V4.1.0
  - Mendix 10.12 compatible versions: All versions prior to V4.0.1
- Configurations: Applicable where the OIDC SSO module is used to manage user authentication.
## Vulnerability Description
The Mendix OIDC SSO module improperly grants read and write access to all tokens exclusively to the 'Administrator' role. This flaw stems from an incorrect privilege assignment, which creates a risk of privilege misuse if an adversary is able to modify the module configuration during the Mendix development phase.
CVSS v3.1 Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
## Exploitation
- Status: The advisory does not state whether the issue has been exploited; the risk it describes is an adversary modifying the module during development.
- Complexity: High (AC:H). Exploitation requires an adversary to modify the module during development, and the base score reflects a low overall impact.
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: Low (C:L)
- Integrity: No Impact (I:N). The vector assigns no integrity impact, although privilege misuse that modifies tokens could in practice affect integrity.
- Availability: No Impact (A:N)
## Remediation
### Patches
Customers must update to the following versions or later:
- Mendix 9 compatible: Update to **V3.3.0** or later.
- Mendix 10 compatible: Update to **V4.1.0** or later.
- Mendix 10.12 compatible: Update to **V4.0.1** or later.
### Workarounds
1. **Restrict Entity Access:** If the default setting (restricting token read/write access only to the Administrator role) is deemed insufficiently restrictive, customers should change the access rules of the specific `OIDC.Token` entity.
2. **User Role Separation:** Create a different user role specifically dedicated to handling distinct administrative tasks instead of relying solely on the default Administrator role for token access.
3. **General Security:** Implement robust mechanisms to protect network access to the application environment, following Siemens' operational guidelines.
## Detection
- Indicators of Compromise: None are specifically listed. Monitor for unauthorized modifications to the access rules of the `OIDC.Token` entity and for successful access to tokens by non-administrator roles.
- Detection methods and tools: Review the module configuration and runtime access controls for the `OIDC.Token` entity within the Mendix application security settings.
## References
- Vendor Advisories: SSA-726617
- Relevant links (defanged):
  - Siemens Security Advisory Portal: hxxps://cert-portal.siemens.com/productcert/html/ssa-726617.html
  - Siemens Industrial Security Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
  - Siemens ProductCERT contact: hxxps://www.siemens.com/cert/advisories