A vulnerability was found in Siemens SINEC NMS up to 4.0 SP2 . It has been classified as critical . This affects an unknown function of the component Password Reset Handler . The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-25654 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.