PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-39800 Cert Portal CVE debrief

CVE-2025-39800 is a Linux kernel btrfs issue where an unexpected extent buffer generation at btrfs_copy_root() was previously only warned about, rather than causing the transaction to abort. According to the advisory text, that behavior could allow metadata with an unexpected generation to persist. CISA’s advisory for Siemens SIMATIC CN 4100 lists a vendor fix of V5.0 or later. The advisory was first published on 2026-05-12 and republished/updated on 2026-05-14.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Operators and maintainers of Siemens SIMATIC CN 4100 systems, especially environments running affected firmware/software versions below V5.0. Linux and storage subsystem maintainers should also note the underlying btrfs fix because the issue is in kernel metadata handling.

Technical summary

The vulnerability is a defensive correctness issue in btrfs_copy_root(): when the extent buffer generation is not what the code expects, the prior behavior was to WARN_ON() and continue rather than abort the transaction. The fix changes this to abort the transaction and return -EUCLEAN, reducing the chance that unexpected metadata state is persisted. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, with a medium base score of 5.5.
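The warn-and-continue behaviour next to the abort behaviour, as an added userspace C model; it is not the kernel's code and not taken from the advisory. The struct and function names are hypothetical, and the model assumes that "unexpected" means an extent buffer generation newer than the running transaction's id.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#ifndef EUCLEAN
#define EUCLEAN 117 /* Linux errno value, for hosts whose libc lacks it */
#endif
/* Hypothetical userspace stand-ins; these are not the kernel's structures. */
/* Assumption: "unexpected" means eb generation newer than the transid. */
struct model_eb { uint64_t generation; };
struct model_trans { uint64_t transid; int aborted; int copies; };

/* Before the fix: warn and carry on, so the copy is still queued. */
static int copy_root_warn_only(struct model_trans *t, const struct model_eb *eb)
{
    if (eb->generation > t->transid)
        fprintf(stderr, "WARNING: unexpected eb generation %llu\n",
                (unsigned long long)eb->generation);
    t->copies++;
    return 0;
}

/* After the fix: abort the transaction and return -EUCLEAN. */
static int copy_root_abort(struct model_trans *t, const struct model_eb *eb)
{
    if (eb->generation > t->transid) {
        t->aborted = -EUCLEAN;
        return t->aborted;
    }
    t->copies++;
    return 0;
}

typedef int (*copy_fn)(struct model_trans *, const struct model_eb *);
/* Returns copies persisted at commit, or the abort error (nothing persisted). */
static int run_case(copy_fn copy, uint64_t eb_gen, uint64_t transid)
{
    struct model_trans t = { transid, 0, 0 };
    struct model_eb eb = { eb_gen };
    copy(&t, &eb);
    return t.aborted ? t.aborted : t.copies;
}

int main(void)
{
    printf("warn-only: %d\n", run_case(copy_root_warn_only, 12, 10));
    printf("abort:     %d\n", run_case(copy_root_abort, 12, 10));
    return 0;
}
```

In the warn-only case the caller sees success and the copy reaches commit; in the abort case the caller gets -EUCLEAN and nothing is persisted.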

Defensive priority

Medium. Prioritize if the affected Siemens platform is deployed in operational or production environments, since the issue can impact availability and metadata integrity handling in a kernel storage path.

Recommended defensive actions

  • Upgrade Siemens SIMATIC CN 4100 to V5.0 or later, as listed in the supplied remediation.
  • Verify whether any deployed systems match the affected product scope: Siemens SIMATIC CN 4100 versions earlier than V5.0.
  • Track CISA advisory ICSA-26-134-10 and the linked Siemens ProductCERT advisory for any follow-up revisions.
  • If immediate upgrading is not possible, increase change-control scrutiny around filesystem and kernel updates on affected hosts and schedule maintenance as soon as feasible.
  • Use standard ICS defense-in-depth and recommended practices for layered protection and recovery planning.

Evidence notes

All claims are drawn from the supplied CISA CSAF source item and its referenced official links. The source metadata lists the affected product as Siemens SIMATIC CN 4100 versions earlier than V5.0 and a remediation to update to V5.0 or later. The vulnerability description states that btrfs_copy_root() previously warned on unexpected extent buffer generation instead of aborting the transaction and returning -EUCLEAN. The supplied advisory metadata shows publication on 2026-05-12 and an update/republication on 2026-05-14. No KEV entry or threat-campaign field was provided in the corpus.

Official resources

Published by CISA on 2026-05-12 and republished/updated on 2026-05-14. No KEV date was supplied, and the provided enrichment data does not indicate known ransomware campaign use.