PatchSiren cyber security CVE debrief
CVE-2025-39798 Cert Portal CVE debrief
CVE-2025-39798 is a medium-severity vulnerability tied in the advisory to Linux kernel NFS capability handling during automounting of a new filesystem. The source material says capabilities must be reset to minimal defaults when crossing into a new filesystem, then re-evaluated. CISA’s advisory maps the issue to Siemens SIMATIC CN 4100 versions earlier than 5.0, but the vendor/product linkage in the supplied data is low confidence and should be reviewed before broad assumptions are made.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers responsible for Siemens SIMATIC CN 4100 deployments identified in the advisory, especially where the device or embedded platform automounts NFS filesystems. Linux kernel maintainers and OT administrators should also note the capability-handling change if similar filesystem behavior exists in their environment.
Technical summary
The advisory text describes a Linux kernel fix for NFS automount behavior: capabilities cannot be inherited across a filesystem boundary, so they must be reset to minimal defaults and probed again. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack conditions and a primary availability impact. No exploit details are provided in the source corpus.
Defensive priority
Medium — prioritize vendor remediation if the affected Siemens product is deployed and uses NFS automounting; otherwise monitor exposure and confirm whether the advisory applies to your platform.
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later, as listed in the vendor remediation.
- Confirm whether the affected device or image actually uses NFS automounting and whether the advisory applies to your deployment.
- Review filesystem and capability-related hardening on Linux-based OT systems that mount remote filesystems.
- Track the official Siemens and CISA advisories for any clarification or revised product mapping.
- Treat the vendor/product mapping as unconfirmed until validated against your asset inventory and the Siemens advisory.
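One way to carry out the "confirm whether the device or image actually uses NFS automounting" step on a Linux host or extracted image where the mount table is readable, as an added example that is not taken from the advisory or from Siemens. It reads a /proc/mounts-format table and reports NFS client mounts, autofs trigger points, and NFS mounts nested under another NFS mount; treating a nested mount as the trace of the kernel crossing into a new filesystem is an assumption of this sketch. The function names and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Classify entries of a /proc/mounts-format table (default: /proc/self/mounts).
# Output, one line per relevant entry: KIND MOUNTPOINT SOURCE
#   NFS     nfs/nfs4 client mount
#   NESTED  nfs/nfs4 mount located under another NFS mount (heuristic only)
#   AUTOFS  autofs trigger point (a userspace automounter is configured)
nfs_mount_report() {
    awk '
        $3 == "nfs" || $3 == "nfs4" { mp[++n] = $2; src[n] = $1 }
        $3 == "autofs"              { print "AUTOFS", $2, $1 }
        END {
            for (i = 1; i <= n; i++) {
                kind = "NFS"
                for (j = 1; j <= n; j++) {
                    # Append "/" so /mnt/a does not match /mnt/ab.
                    parent = (mp[j] == "/") ? "/" : mp[j] "/"
                    if (i != j && index(mp[i], parent) == 1) kind = "NESTED"
                }
                print kind, mp[i], src[i]
            }
        }
    ' "${1:-/proc/self/mounts}"
}

# Condense the report to "nfs=N nested=M autofs=K" for an asset inventory.
nfs_mount_summary() {
    nfs_mount_report "$1" | awk '
        $1 == "NFS" || $1 == "NESTED" { nfs++ }
        $1 == "NESTED"                { nested++ }
        $1 == "AUTOFS"                { autofs++ }
        END { printf "nfs=%d nested=%d autofs=%d\n", nfs, nested, autofs }'
}

# Constructed sample mount table (not captured from a real device).
sample_mounts() {
    cat <<'EOF'
/dev/mmcblk0p2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/etc/auto.data /data autofs rw,relatime,fd=6,timeout=300 0 0
192.0.2.10:/export /mnt/plant nfs4 rw,vers=4.2,sec=sys 0 0
192.0.2.10:/export/recipes /mnt/plant/recipes nfs4 rw,vers=4.2,sec=sys 0 0
EOF
}

# Demo on the sample; on a live host call nfs_mount_summary with no argument.
tmp=$(mktemp) && sample_mounts > "$tmp" && nfs_mount_report "$tmp" && rm -f "$tmp"
```

A result of `nfs=0 nested=0 autofs=0` only shows that nothing is mounted at the moment of the check; boot-time and on-demand mount configuration still needs to be reviewed separately.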
Evidence notes
The supplied CISA CSAF advisory (ICSA-26-134-10) and its referenced Siemens ProductCERT advisory describe the issue as a Linux kernel NFS capability-setting fix and list Siemens SIMATIC CN 4100 versions earlier than 5.0 as affected. The source data also marks the vendor/product mapping confidence as low and flags it as needing review, so the product association should not be overstated. The published date used here is 2026-05-12, with modification on 2026-05-14, per the supplied timeline.
Official resources
- CVE-2025-39798 CVE record (CVE.org)
- CVE-2025-39798 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CVE published 2026-05-12 and modified 2026-05-14, based on the supplied timeline. This debrief uses only the provided advisory corpus and official references; vendor mapping is flagged low-confidence in the source data.