PatchSiren cyber security CVE debrief
CVE-2025-39716 Cert Portal CVE debrief
CVE-2025-39716 is a medium-severity Linux kernel parisc vulnerability described in the CISA/Siemens advisory published on 2026-05-12 and republished on 2026-05-14. The flaw involves __get_user() failing to properly probe user read access, which could let user code reach a read-protected address via a system call. The supplied remediation is to update to V5.0 or later for the affected Siemens SIMATIC CN 4100 package.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Administrators and security teams responsible for Siemens SIMATIC CN 4100 deployments covered by the advisory, Linux kernel maintainers or operators in parisc environments, and OT/ICS defenders managing systems that include this software stack.
Technical summary
According to the advisory text, read-access interruptions on parisc are only triggered at privilege levels 2 and 3, while the kernel runs at privilege level 0. Because of that mismatch, __get_user() did not trigger the expected read-access interruption (code 26) when reading protected memory. The fix probes read access at PRIV_USER (privilege level 3) and sets __gu_err to -EFAULT (-14) when access is not allowed. The advisory also notes that cmpiclr performs a 32-bit compare in this context because COND does not work inside inline asm.
Defensive priority
Medium priority; patch affected deployments promptly because the issue is locally reachable, requires low privileges, and has high availability impact in the supplied CVSS vector.
Recommended defensive actions
- Apply the vendor remediation: update to V5.0 or later for the affected Siemens SIMATIC CN 4100 package.
- Verify whether your deployed product lineage matches the advisory scope before and after remediation, since the supplied advisory metadata mixes Linux kernel text with Siemens product packaging.
- Prioritize systems exposed to untrusted local users or scripts that can invoke system calls against the affected kernel path.
- Track the advisory publication and republication dates in change-management records: 2026-05-12 initial publication and 2026-05-14 CISA republication.
- Use standard ICS defensive measures from the linked CISA guidance while patching and validating the change.
Evidence notes
The supplied CISA CSAF source states the kernel-side issue in parisc __get_user(), the advisory publication date (2026-05-12), the republication date (2026-05-14), the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and the remediation to update to V5.0 or later. The vendor/product metadata is marked low confidence and needs review, so the Siemens product mapping should be validated against the advisory before operational use.
Official resources
-
CVE-2025-39716 CVE record
CVE.org
-
CVE-2025-39716 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory data in the supplied source shows initial publication on 2026-05-12 and CISA republication on 2026-05-14. No KEV listing was supplied. Treat these as advisory timeline markers, not proof of exploitation.