PatchSiren cyber security CVE debrief
CVE-2025-0395 Cert Portal CVE debrief
CVE-2025-0395 describes a buffer overflow risk in the GNU C Library assert() failure path when the assertion message size aligns with page size. In the CISA-republished Siemens advisory, the issue is associated with multiple RUGGEDCOM ROX products, and Siemens recommends updating to V2.17.1 or later. The CVSS v3.1 vector indicates a locally exploitable availability issue with no confidentiality or integrity impact.
- Vendor: Cert Portal
- Product: Siemens RUGGEDCOM ROX MX5000 (vers:intdot/<2.17.1), RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
- CVSS: MEDIUM 6.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
OT/ICS operators and maintainers of Siemens RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 deployments should review this advisory. Security teams responsible for Linux-based embedded platforms that rely on affected GNU C Library versions should also validate their exposure.
Technical summary
The underlying flaw is in the GNU C Library assert() failure path. When an assertion fails, the code does not allocate enough space for the failure message string and associated size information, which can overflow a buffer if the message length aligns to page size. The source advisory ties the issue to Siemens RUGGEDCOM ROX products and lists remediation as upgrading to V2.17.1 or later. The published CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating local attack conditions and availability impact only.
Defensive priority
Medium priority. Treat as a prompt maintenance item for OT systems: schedule remediation in the next feasible maintenance window, with higher urgency where local code execution paths, scripts, or untrusted operator access exist.
Recommended defensive actions
- Upgrade affected Siemens RUGGEDCOM ROX devices to V2.17.1 or later, as recommended by Siemens.
- Inventory the listed RUGGEDCOM ROX models and confirm whether they are running impacted software versions before the maintenance window.
- Restrict local access to the devices and any administration or automation paths that could trigger the assert() failure path.
- Monitor Siemens and CISA advisory updates for any changes to affected product scope or remediation guidance.
- Document patch status and validate recovery procedures for OT devices before applying updates.
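A version-range check for the inventory step above, added here as an example; it is not part of the advisory or of any Siemens or CISA tooling. It evaluates the affected-version expression quoted in the product field, vers:intdot/<2.17.1, against constructed inventory records. The intdot comparison rules (dotted integers, shorter versions zero-padded) and the restriction to a single comparator constraint are assumptions of this example.

```python
import re

# Single-constraint vers expression: vers:<scheme>/<op><version> (assumed grammar)
VERS_RE = re.compile(
    r"^vers:(?P<scheme>[a-z0-9.+-]+)/(?P<op>[<>]=?|=|!=)(?P<ver>[0-9]+(?:\.[0-9]+)*)$")

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, ">": lambda c: c > 0,
       ">=": lambda c: c >= 0, "=": lambda c: c == 0, "!=": lambda c: c != 0}

def parse_intdot(version: str) -> tuple:
    """Parse a dotted-integer version such as '2.17.1' into a tuple of ints."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", version):
        raise ValueError(f"not an intdot version: {version!r}")
    return tuple(int(part) for part in version.split("."))

def compare(a: tuple, b: tuple) -> int:
    """Three-way compare; the shorter tuple is zero-padded so 2.17 == 2.17.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def parse_vers(expr: str):
    """Return (operator, bound) for one intdot constraint; reject anything else."""
    m = VERS_RE.match(expr)
    if not m or m.group("scheme") != "intdot":
        raise ValueError(f"unsupported vers expression: {expr!r}")
    return m.group("op"), parse_intdot(m.group("ver"))

def is_affected(version: str, expr: str = "vers:intdot/<2.17.1") -> bool:
    """True when the firmware version satisfies the affected-version constraint."""
    op, bound = parse_vers(expr)
    return OPS[op](compare(parse_intdot(version), bound))

def triage(inventory):
    """Return the (model, version) records still inside the affected range."""
    return [(model, ver) for model, ver in inventory if is_affected(ver)]

# Constructed inventory records for illustration; not real device data.
INVENTORY = [
    ("RUGGEDCOM ROX RX1500", "2.16.2"),
    ("RUGGEDCOM ROX RX1400", "2.17"),     # 2.17 == 2.17.0, still below 2.17.1
    ("RUGGEDCOM ROX MX5000", "2.17.1"),   # at the fixed version
    ("RUGGEDCOM ROX RX5000", "2.18.0"),
]

if __name__ == "__main__":
    for model, ver in triage(INVENTORY):
        print(f"{model} {ver}: below V2.17.1, schedule upgrade")
```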
Evidence notes
The timing in this debrief uses the supplied CVE publication date of 2026-05-12 and modified date of 2026-05-14. The issue description, affected product family, and remediation all come from the supplied CISA CSAF source item and its Siemens reference material. The CVSS vector AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H supports a local, availability-focused issue.
Official resources
- CVE-2025-0395 CVE record (CVE.org)
- CVE-2025-0395 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA first published the advisory on 2026-05-12 and republished it on 2026-05-14 with Siemens ProductCERT SSA-577017 content. This debrief uses those supplied advisory dates for timing context; it does not infer an exploit date or a patch-1