PatchSiren cyber security CVE debrief
CVE-2025-6021 Cert Portal CVE debrief
CVE-2025-6021 is a HIGH-severity flaw in libxml2’s xmlBuildQName function that can cause a stack-based buffer overflow through integer overflow in buffer size calculations. In the Siemens advisory republished by CISA, the affected product line is Siemens SIMATIC CN 4100 versions earlier than 5.0. The documented impact is memory corruption or denial of service when processing crafted input.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Owners and operators of Siemens SIMATIC CN 4100 devices running versions earlier than 5.0, OT/ICS security teams, patch managers, and integrators that rely on affected Siemens appliances for processing externally supplied or otherwise untrusted input.
Technical summary
The advisory describes an integer overflow in libxml2’s xmlBuildQName buffer size calculations, which can result in a stack-based buffer overflow. CISA’s CSAF advisory ICSA-26-134-10, republishing Siemens ProductCERT SSA-032379, identifies Siemens SIMATIC CN 4100 versions <5.0 as affected and recommends updating to V5.0 or later. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-reachable, no-privileges, no-user-interaction issue with high availability impact.
Defensive priority
High. Prioritize patching affected Siemens SIMATIC CN 4100 deployments to V5.0 or later, especially where the device may process crafted or externally sourced input. Because the issue can lead to memory corruption or denial of service, exposed systems should be treated as urgent patch candidates.
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation.
- Inventory deployed SIMATIC CN 4100 units and confirm which versions are earlier than 5.0.
- Review whether affected devices process untrusted or externally supplied input and treat those systems as higher priority.
- Coordinate maintenance windows and change control for OT/ICS environments before applying updates.
- Monitor CISA and Siemens advisories for any follow-on guidance or additional affected products.
Evidence notes
The supplied CISA CSAF source for ICSA-26-134-10 states that the flaw is in libxml2’s xmlBuildQName function and that integer overflows in buffer size calculations can lead to a stack-based buffer overflow, memory corruption, or denial of service. The same source lists Siemens SIMATIC CN 4100 versions <5.0 as affected and provides remediation to update to V5.0 or later. The revision history shows initial publication on 2026-05-12 and a CISA republication on 2026-05-14. No KEV entry was provided.
Official resources
-
CVE-2025-6021 CVE record
CVE.org
-
CVE-2025-6021 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the source advisory on 2026-05-12 UTC, with a CISA republication/update on 2026-05-14 UTC. This debrief uses the CVE published date as the primary timing reference; no KEV listing was provided.