PatchSiren cyber security CVE debrief
CVE-2025-9820 Cert Portal CVE debrief
CVE-2025-9820 describes a stack-based buffer overflow in GnuTLS's gnutls_pkcs11_token_init() routine when processing an unexpectedly long PKCS#11 token label. In the CISA/Siemens advisory, the issue is tied to Siemens SIMATIC CN 4100 versions earlier than 5.0, with Siemens recommending an update to V5.0 or later. The primary documented impact is denial of service via crash, with code execution also described as possible under certain conditions.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and administrators responsible for Siemens SIMATIC CN 4100 devices, especially versions earlier than 5.0, and teams that deploy or integrate software using GnuTLS for PKCS#11 token initialization on affected systems.
Technical summary
The advisory attributes CVE-2025-9820 to a memory-safety error in GnuTLS's gnutls_pkcs11_token_init() function. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer, which is consistent with CWE-121. The source advisory lists the affected Siemens product scope as SIMATIC CN 4100 versions before 5.0 and recommends upgrading to V5.0 or later. The published CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, reflecting local attack conditions and availability impact.
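The following C example is added here to illustrate the bounds check that prevents this class of overflow; it is not code from GnuTLS, Siemens or the advisory. It assumes the PKCS#11 convention that C_InitToken takes the label as a 32-byte, blank-padded field; the helper name prepare_token_label, its return codes and the sample labels are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#11 C_InitToken takes the token label as a fixed 32-byte field,
 * blank-padded and not NUL-terminated. */
#define TOKEN_LABEL_LEN 32

/* Hypothetical helper (not a GnuTLS API): validate a caller-supplied label
 * and build the padded field. Returns 0 on success, -1 if rejected;
 * out is left untouched on rejection. */
int prepare_token_label(const char *label, unsigned char out[TOKEN_LABEL_LEN])
{
    size_t len;

    if (label == NULL || out == NULL)
        return -1;

    /* Bounded length scan: stop one byte past the field size so an
     * oversized label is detected without walking the whole string. */
    for (len = 0; len <= TOKEN_LABEL_LEN && label[len] != '\0'; len++)
        ;
    if (len > TOKEN_LABEL_LEN)
        return -1; /* reject instead of copying or silently truncating */

    memset(out, ' ', TOKEN_LABEL_LEN); /* blank padding */
    memcpy(out, label, len);           /* len <= TOKEN_LABEL_LEN here */
    return 0;
}

int main(void)
{
    /* Constructed sample labels, not taken from the advisory. */
    const char *samples[] = {
        "plant-hsm-01",
        "this-label-is-much-longer-than-the-thirty-two-byte-field",
    };
    unsigned char field[TOKEN_LABEL_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = prepare_token_label(samples[i], field);
        printf("%-60s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Applications that pass operator-supplied labels to token initialization can apply a check like this at their own input boundary while waiting for a patched build.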
Defensive priority
Medium. The issue is locally exploitable and primarily affects availability, but the buffer overflow also raises concern for more serious outcomes in some conditions. Prioritize remediation wherever Siemens SIMATIC CN 4100 versions earlier than 5.0 or GnuTLS PKCS#11 token initialization are in use.
Recommended defensive actions
- Confirm whether any deployed Siemens SIMATIC CN 4100 systems are running versions earlier than 5.0.
- Apply Siemens's remediation guidance and update to V5.0 or later where applicable.
- Review any software or appliance configurations that rely on GnuTLS PKCS#11 token initialization and verify vendor guidance for patched builds.
- Monitor affected systems for crashes or abnormal behavior consistent with memory corruption during token initialization.
- Use CISA's industrial control system recommended practices to reduce exposure while remediation is being planned.
Evidence notes
Source evidence comes from CISA's CSAF advisory ICSA-26-134-10, which republishes Siemens ProductCERT advisory SSA-032379. The source item was published on 2026-05-12 and modified on 2026-05-14, and the advisory text explicitly names the GnuTLS gnutls_pkcs11_token_init() stack-buffer overflow, the Siemens SIMATIC CN 4100 product scope, and the recommended fix of updating to V5.0 or later. The CVSS vector supplied in the source is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Official resources
- CVE-2025-9820 CVE record (CVE.org)
- CVE-2025-9820 NVD detail (NVD)
- Source item URL (cisa_csaf)
The CVE was published on 2026-05-12 and updated on 2026-05-14. CISA's advisory republishes Siemens ProductCERT's initial advisory during that same window, so the disclosure timeline in the source corpus should be treated as 2026-05-12 for C