PatchSiren

CVE-2025-39752 Cert Portal CVE debrief

CVE-2025-39752 is a medium-severity availability issue associated in the supplied Siemens/CISA advisory with SIMATIC CN 4100 versions earlier than 5.0. The underlying Linux kernel fix changes ARM Rockchip SMP startup handling so SRAM/trampoline initialization happens only after secondary CPUs are powered down, reducing a rare kernel hang during boot.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Operators and maintainers of Siemens SIMATIC CN 4100 systems, especially OT environments running affected versions below V5.0, plus Linux/embedded teams using Rockchip ARM platforms where SMP initialization reliability matters.

Technical summary

The source advisory describes a race during secondary CPU bring-up on ARM Rockchip systems. The main CPU writes trampoline code to SRAM while secondary CPUs may still be powered on; in some cases that can let a secondary CPU execute code at an unexpected time and hang the kernel. The fix moves SRAM initialization to a later point in boot, after secondary CPUs are powered down.

Defensive priority

Moderate. The issue is primarily an availability problem, but in OT and embedded environments a boot hang or intermittent kernel stall can materially affect uptime and recovery. The supplied material does not describe remote code execution or data exposure.

Recommended defensive actions

  • Update Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation.
  • Confirm whether deployed systems actually match the affected product/version mapping before scheduling maintenance.
  • If embedded Linux/Rockchip systems are in scope, review kernel versions and boot logs for SMP-startup hangs.
  • Test updates on representative hardware before fleet rollout, especially for boot-critical OT devices.
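
An added example (not part of the advisory or any vendor tooling) for the version-mapping check above: it evaluates the `vers:intdot/<5.0` range from the Product field against an inventory and flags unparseable versions for manual review. The host names, firmware strings, the `V` prefix handling and the treatment of trailing zeros (5.0.0 equals 5.0) are assumptions; only comparator constraints are handled, not `*`.

```python
import operator

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}
RANGE = "vers:intdot/<5.0"  # affected range as given in the Product field
INVENTORY = {"cn4100-line1": "V4.0.1", "cn4100-line2": "V5.0", "cn4100-spare": "unknown"}  # constructed

def intdot(text):
    """Parse '4.0.1' or 'V4.0.1' into a tuple of ints; trailing zeros are dropped (assumption)."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_vers(spec):
    """Split 'vers:intdot/<5.0' into (comparator, bound) pairs; a bare version means '='."""
    head, _, body = spec.partition("/")
    if head != "vers:intdot":
        raise ValueError(f"unsupported scheme: {head}")
    pairs = []
    for item in body.split("|"):
        op = next((o for o in ("<=", ">=", "!=", "<", ">", "=") if item.startswith(o)), "")
        pairs.append((op or "=", intdot(item[len(op):])))
    return pairs

def affected(spec, version):
    """True/False when the version is inside/outside the range, None when it cannot be parsed."""
    try:
        v = intdot(version)
    except ValueError:
        return None  # never treat an unknown version as safe
    pairs = parse_vers(spec)
    for op, bound in pairs:
        if op in ("=", "!=") and v == bound:
            return op == "="
    ranges = [p for p in pairs if p[0] in OPS]  # assumed sorted ascending, as in a valid range
    for i, (op, bound) in enumerate(ranges):
        nxt = ranges[i + 1] if i + 1 < len(ranges) else None
        if op in ("<", "<="):
            if i == 0 and OPS[op](v, bound):  # interval with no lower bound
                return True
        elif OPS[op](v, bound) and (nxt is None or OPS[nxt[0]](v, nxt[1])):
            return True
    return False

def triage(spec, inventory):
    labels = {True: "affected", False: "not affected", None: "check manually"}
    return {host: labels[affected(spec, ver)] for host, ver in inventory.items()}

if __name__ == "__main__":
    print(triage(RANGE, INVENTORY))
```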

Evidence notes

The supplied CISA CSAF source and Siemens references consistently describe a Linux kernel ARM Rockchip SMP initialization hang and list update to V5.0 or later as the remediation. The vendor/product mapping in the provided metadata is marked low confidence, so the debrief treats the Siemens SIMATIC CN 4100 association cautiously. This summary avoids unsupported claims and does not include exploit details.

Official resources

Published on 2026-05-12 and modified on 2026-05-14 in the supplied advisory record. The timing here reflects the advisory publication and republication dates, not the original introduction date of the underlying bug.