CVE-2025-9714 Cert Portal CVE debrief

CVE-2025-9714 is a medium-severity local denial-of-service vulnerability in libxml2 XPath evaluation. According to the Siemens ProductCERT advisory republished by CISA on 2026-05-12 and updated on 2026-05-14, recursive XPath processing functions could reset recursion depth to zero before making recursive calls, allowing uncontrolled recursion and a stack overflow when crafted expressions are processed. Siemens lists multiple RUGGEDCOM ROX products as affected and recommends updating to V2.17.1 or later.

Vendor: Cert Portal
Product: Siemens RUGGEDCOM ROX MX5000 (vers:intdot/<2.17.1), RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
CVSS: MEDIUM 6.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Industrial control and network operations teams responsible for Siemens RUGGEDCOM ROX devices, especially administrators of the listed ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 platforms. Also relevant for security teams that manage local access controls on embedded/industrial systems that parse XPath content.

Technical summary

The flaw is in libxml2 XPath evaluation logic. The advisory states that xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before potentially recursive calls. In recursive use, that could bypass recursion-depth control and lead to uncontrolled recursion and stack overflow. The published CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with a local attack that primarily affects availability. Siemens indicates the fix is to preserve recursion depth across recursive calls and to update affected products to version 2.17.1 or later.
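To make the bug pattern concrete, the following is an added example (not libxml2 code, and not from the advisory) modelling a depth-guarded recursive evaluator. All names (run_eval, eval_step, eval_nested, MAX_DEPTH) are hypothetical; the buggy variant zeroes the depth counter on every entry, as the advisory describes for the XPath entry points, so a nested expression far deeper than the limit is still accepted, while the fixed variant preserves the counter and rejects it.

```c
#include <stddef.h>

#define MAX_DEPTH  50      /* constructed limit; libxml2's real limit is not given here */
#define ERR_DEPTH  (-1)
#define ERR_SYNTAX (-2)

struct eval_ctx { int depth; };

static int run_eval(struct eval_ctx *ctx, const char *s, size_t len, int reset);

/* One evaluation step: an atom "x" or a parenthesised sub-expression.
 * The depth guard lives here; it only works if ctx->depth survives re-entry. */
static int eval_step(struct eval_ctx *ctx, const char *s, size_t len, int reset)
{
    int saved = ctx->depth, rc;
    if (ctx->depth >= MAX_DEPTH)
        return ERR_DEPTH;                  /* bounded recursion: stop here */
    ctx->depth++;
    if (len == 1 && s[0] == 'x')
        rc = 0;
    else if (len >= 2 && s[0] == '(' && s[len - 1] == ')')
        rc = run_eval(ctx, s + 1, len - 2, reset);   /* re-enters the entry point */
    else
        rc = ERR_SYNTAX;
    ctx->depth = saved;
    return rc;
}

/* Top-level entry point, analogous to the XPath functions named above.
 * reset != 0 reproduces the bug: each re-entry forgets how deep it already is,
 * so the guard in eval_step never fires. reset == 0 is the preserved-depth fix. */
static int run_eval(struct eval_ctx *ctx, const char *s, size_t len, int reset)
{
    if (reset)
        ctx->depth = 0;
    return eval_step(ctx, s, len, reset);
}

/* Build a constructed expression "(((x)))" nested `nesting` levels and evaluate it. */
int eval_nested(int nesting, int reset_depth)
{
    static char buf[1024];
    size_t len = (size_t)nesting * 2 + 1;
    if (nesting < 0 || len > sizeof buf)
        return ERR_SYNTAX;
    for (int i = 0; i < nesting; i++) { buf[i] = '('; buf[len - 1 - i] = ')'; }
    buf[nesting] = 'x';
    struct eval_ctx ctx = { 0 };
    return run_eval(&ctx, buf, len, reset_depth);
}
```

With reset_depth set, a 200-level expression passes a 50-level guard; with the counter preserved, evaluation stops at the limit instead of recursing without bound.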

Defensive priority

High for environments running affected Siemens RUGGEDCOM ROX firmware or software that includes vulnerable libxml2 handling. While the issue is local-only and not rated critical, it can still cause denial of service on industrial devices, so patching should be prioritized during the next maintenance window and expedited if local access exposure is broader than expected.

Recommended defensive actions

  • Update affected Siemens RUGGEDCOM ROX devices to V2.17.1 or later, per the Siemens advisory.
  • Confirm which ROX models in your environment are using affected libxml2 components and whether any are running versions earlier than 2.17.1.
  • Review local access paths to management or maintenance interfaces, since the vulnerability requires local attack conditions.
  • Apply least-privilege and restrict shell, administrative, and maintenance access on affected devices.
  • Monitor for unexpected crashes or stack-overflow-related instability on affected systems until remediation is complete.

Evidence notes

Source evidence comes from the CISA CSAF republishing of Siemens ProductCERT advisory SSA-577017 (ICSA-26-134-16), published 2026-05-12 and republished by CISA on 2026-05-14. The advisory text states the libxml2 XPath recursion issue, identifies the impacted Siemens RUGGEDCOM ROX product family, and recommends updating to V2.17.1 or later. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, supporting a local availability-impacting denial-of-service assessment. The vendor metadata in the source corpus is low-confidence and should not override the advisory text.

Official resources

Public advisory published by CISA on 2026-05-12 and republished on 2026-05-14 from Siemens ProductCERT; no KEV listing is indicated in the supplied source corpus.