PatchSiren cyber security CVE debrief
CVE-2025-23160 Cert Portal CVE debrief
CVE-2025-23160 is a medium-severity availability issue described in a CISA/Siemens advisory for Siemens SIMATIC CN 4100 versions before 5.0. The underlying flaw is a Linux kernel media driver resource leak in firmware initialization on Mediatek devices with a system companion processor (SCP). Siemens’ remediation guidance is to update to V5.0 or later. Based on the supplied source corpus, this appears to be an availability-focused issue rather than a code-execution flaw, and there is no KEV listing or ransomware linkage in the provided data.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers of Siemens SIMATIC CN 4100 systems running versions earlier than 5.0, especially OT/ICS teams responsible for applying vendor firmware/software updates. Linux kernel and platform teams supporting Mediatek-based deployments with SCP-dependent firmware initialization should also review the fix path.
Technical summary
The advisory describes a resource leak in the Linux kernel's media: mediatek: vcodec driver during firmware initialization. On Mediatek devices with a system companion processor (SCP), the mtk_scp structure must be explicitly released to avoid leaking resources when allocation of the firmware structure fails during initialization. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack conditions with high availability impact and no confidentiality or integrity impact.
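To make the error-path pattern concrete, here is an added example (not the kernel's code) that models the SCP handle as a reference count and contrasts a leaky firmware-init failure path with the corrected one; scp_get_sim, scp_put_sim, struct scp_sim and struct fw_sim are hypothetical stand-ins, and alloc_fails simulates a failed allocation of the firmware structure.

```c
/* Added example, not the kernel's code: a refcounted stand-in for the SCP
 * handle with the leaky and the corrected firmware-init error path.
 * scp_get_sim, scp_put_sim, struct scp_sim and struct fw_sim are hypothetical. */
#include <stdlib.h>

struct scp_sim { int refs; };            /* models references held on the SCP device */
struct fw_sim { struct scp_sim *scp; };
static struct scp_sim scp_dev;            /* single simulated SCP device, refs start at 0 */

static struct scp_sim *scp_get_sim(void) { scp_dev.refs++; return &scp_dev; }
static void scp_put_sim(struct scp_sim *scp) { scp->refs--; }

/* alloc_fails lets the caller force the firmware-structure allocation to fail */
static struct fw_sim *alloc_fw(int alloc_fails)
{
    return alloc_fails ? NULL : calloc(1, sizeof(struct fw_sim));
}

/* Leaky pattern: the reference is taken, but the failure path returns without releasing it */
static struct fw_sim *fw_init_leaky(int alloc_fails)
{
    struct scp_sim *scp = scp_get_sim();
    struct fw_sim *fw = alloc_fw(alloc_fails);
    if (!fw)
        return NULL;                       /* BUG: scp reference leaked */
    fw->scp = scp;
    return fw;
}

/* Corrected pattern: release the reference before reporting the failure */
static struct fw_sim *fw_init_fixed(int alloc_fails)
{
    struct scp_sim *scp = scp_get_sim();
    struct fw_sim *fw = alloc_fw(alloc_fails);
    if (!fw) {
        scp_put_sim(scp);                  /* undo the acquire on the error path */
        return NULL;
    }
    fw->scp = scp;
    return fw;
}

/* Runs n failing init attempts and returns how many SCP references were leaked */
static int refs_leaked_after_failures(struct fw_sim *(*init)(int), int n)
{
    int before = scp_dev.refs;
    for (int i = 0; i < n; i++)
        init(1);
    return scp_dev.refs - before;
}
```

Repeated failures on the leaky path leave the reference count permanently elevated, which is the kind of slow resource exhaustion that turns into the availability impact the advisory describes.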
Defensive priority
Medium. The issue is not marked as KEV and the supplied data does not indicate active exploitation, but it does affect availability and is assigned CVSS 5.5. Prioritize if the affected Siemens product is deployed in operational environments where downtime matters.
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation guidance.
- Confirm whether any deployed systems match the affected product/version scope before scheduling maintenance.
- Review whether affected devices depend on Mediatek SCP firmware initialization paths and validate post-update stability.
- Track the linked Siemens and CISA advisories for any follow-up guidance or revised scope.
- In OT environments, apply updates through change-controlled maintenance windows and verify rollback plans.
Evidence notes
The CVE description in the supplied CSAF source states: 'In the Linux kernel... media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization... Free the structure in case the allocation of the firmware structure fails during the firmware initialization.' The source metadata ties this to Siemens SIMATIC CN 4100 versions <5.0 and cites a vendor fix of 'Update to V5.0 or later version.' The advisory publication date is 2026-05-12 with a CISA republication/update on 2026-05-14. No KEV metadata is present in the supplied corpus.
Official resources
- CVE-2025-23160 CVE record (CVE.org)
- CVE-2025-23160 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by CISA on 2026-05-12 and republished/updated on 2026-05-14 in the supplied source history. The provided corpus does not include KEV inclusion or exploitation notes.