CVE-2025-39685 Cert Portal CVE debrief

Who should care

Organizations operating Siemens SIMATIC CN 4100 systems covered by the advisory, and defenders responsible for Linux kernel deployments that include the affected comedi/pcl726 driver path. Because the CVSS vector is local and requires privileges, this is primarily a hardening and patch-management issue for trusted-user or device-management environments.

Technical summary

The advisory text says a reproducer passed an IRQ value of 0x80008000, which was too large and triggered an out-of-bounds condition. The discussed fix is to add interrupt-number validation so users cannot supply an IRQ number that exceeds the valid range. The source also notes a related C-language concern: shifting 1 into bit 31 with `1 << it->options[1]` is undefined behavior, so the upper bound should be constrained or an unsigned shift should be used. The CVSS vector provided by the source is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access, low complexity, low privileges, no user interaction, and high availability impact.

Defensive priority

Medium. The issue is not network-reachable in the provided CVSS vector, but it can still cause service-impacting behavior on systems that expose the affected driver or device configuration path. Patch priority should be elevated where the advisory’s product scope applies or where local device-management interfaces are accessible to lower-privileged users.

Recommended defensive actions

• Apply the vendor-recommended update to V5.0 or later for the affected product line, per the advisory.
• Review whether any deployed systems actually include the affected comedi/pcl726 code path or the Siemens product named in the advisory metadata.
• Limit local access to device-configuration interfaces and other paths that can set IRQ-related options.
• Validate and sanitize driver- or device-level numeric inputs before they reach bit-shift or IRQ-request logic.
• Monitor for advisory updates or clarifications because the source corpus contains a Linux-kernel/product-metadata mismatch that affects scoping.

Evidence notes

Source evidence states that an oversized IRQ value (0x80008000) triggered an out-of-bounds condition and that the fix is to add an interrupt-number check. The advisory metadata lists Siemens SIMATIC CN 4100 vers:intdot/<5.0 and recommends updating to V5.0 or later. The same source corpus links to CVE.org, NVD, the CISA ICS advisory page, and Siemens ProductCERT advisory references. Published: 2026-05-12; modified/republished: 2026-05-14. Because the source text and product metadata do not fully align, product applicability should be treated as requiring confirmation.

Official resources