PatchSiren cyber security CVE debrief
CVE-2025-7425 Cert Portal CVE debrief
CVE-2025-7425 is a high-severity memory-corruption issue in libxslt affecting Siemens SIMATIC CN 4100 versions before 5.0. Under certain XSLT processing paths, including key()-related tree fragments, the flaw can lead to improper cleanup of ID attributes, use-after-free crashes, or heap corruption.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Owners and operators of Siemens SIMATIC CN 4100 systems running versions earlier than 5.0, plus ICS security and patch-management teams responsible for those environments. Teams using libxslt-backed XSLT processing in affected deployments should also review exposure.
Technical summary
The advisory describes a flaw in libxslt where attribute type, atype, and flags are modified in a way that corrupts internal memory management. When XSLT functions such as key() produce tree fragments, ID attribute cleanup can be mishandled, leaving freed memory accessible. The supplied CVSS vector (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H) indicates a local attack vector, high attack complexity, no required privileges or user interaction, changed scope, and high impact to integrity and availability with no confidentiality impact.
Defensive priority
High. Prioritize affected Siemens SIMATIC CN 4100 systems for upgrade to V5.0 or later during the next maintenance window, with extra urgency in environments where the product is operationally critical.
Recommended defensive actions
- Upgrade Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation guidance.
- Confirm which deployed systems run SIMATIC CN 4100 versions earlier than 5.0 and document exposure.
- Plan and test the update in a controlled maintenance window appropriate for industrial-control environments.
- Use CISA-recommended ICS defense-in-depth practices to reduce blast radius while remediation is scheduled.
- Watch for application crashes or abnormal behavior associated with XSLT processing and libxslt usage in affected systems.
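To support the inventory step above, the following added example (not part of the advisory or of any Siemens or CISA tooling) sorts an asset list against the product range `vers:intdot/<5.0` shown on this page. It handles only the single-comparator form of a range; the asset names, version strings, and the tolerance for a leading "V" are assumptions.

```python
import re

# Comparison functions for the comparator that may prefix a vers constraint.
OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b, "!=": lambda a, b: a != b,
}

def intdot(version):
    """Dot-separated integers -> tuple; None if the string is not parseable.
    Accepting a leading 'V' (as in 'V5.0') is an assumption of this example."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so 5, 5.0 and 5.0.0 compare equal
        parts.pop()
    return tuple(parts)

def parse_range(vers):
    """Parse a single-constraint range such as 'vers:intdot/<5.0'."""
    m = re.fullmatch(r"vers:intdot/(<=|>=|!=|<|>|=)?([^|]+)", vers)
    bound = intdot(m.group(2)) if m else None
    if bound is None:
        raise ValueError(f"unsupported vers range: {vers!r}")
    return OPS[m.group(1) or "="], bound

def triage(inventory, vers="vers:intdot/<5.0"):
    """Sort (asset, version) pairs into affected / not_affected / review."""
    matches, bound = parse_range(vers)
    result = {"affected": [], "not_affected": [], "review": []}
    for asset, version in inventory:
        parsed = intdot(version)
        if parsed is None:            # never treat an unknown version as safe
            result["review"].append(asset)
        elif matches(parsed, bound):
            result["affected"].append(asset)
        else:
            result["not_affected"].append(asset)
    return result

# Constructed inventory: asset names and version strings are made up.
INVENTORY = [("cn4100-line1", "V4.0.1"), ("cn4100-line2", "5.0"),
             ("cn4100-lab", "V5.0.0"), ("cn4100-spare", "4.10"),
             ("cn4100-old", "unknown")]

if __name__ == "__main__":
    for bucket, assets in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(assets)}")
```

Assets in the `review` bucket have a version string that could not be parsed and need a manual check before they are counted as remediated.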
Evidence notes
Source evidence comes from the CISA CSAF advisory ICSA-26-134-10, which republishes Siemens ProductCERT SSA-032379. The supplied revision history shows initial publication on 2026-05-12 and CISA republication on 2026-05-14. The advisory text, product scope, CVSS vector, and remediation all come from the provided corpus; no KEV listing was supplied.
Official resources
- CVE-2025-7425 CVE record (CVE.org)
- CVE-2025-7425 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory date: 2026-05-12. CISA republication date: 2026-05-14. The supplied enrichment does not list this CVE in CISA KEV.