PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-0665 Siemens CVE debrief

CVE-2025-0665 is a Siemens advisory item covering a libcurl file-descriptor handling flaw in SINEC OS firmware and related Siemens industrial networking products. In the affected libcurl, tearing down a connection channel after a threaded name resolve has completed can close the same eventfd file descriptor twice. Siemens provides a fix in V3.3 or later, and CISA republished the advisory with later scope clarifications. The CVSS 3.1 score of 7.3 (High) reflects a network-reachable profile that needs no privileges or user interaction; the per-component impact is rated Low for confidentiality, integrity and availability. Taken together with the vendor fix being available, this is a high-priority patch item for operational environments running affected firmware.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-28
Original CVE updated
2026-02-25
Advisory published
2026-01-28
Advisory updated
2026-02-25

Who should care

Siemens OT/ICS administrators, industrial network engineers, asset owners of affected RUGGEDCOM and SCALANCE devices, and security teams responsible for firmware lifecycle management.

Technical summary

The source advisory describes a libcurl bug in which tearing down a connection channel after a threaded name resolve completes can wrongly close the same eventfd file descriptor twice. A double close is hazardous in a multithreaded process because the kernel may already have handed that descriptor number to another open file, so the second close silently destroys an unrelated descriptor belonging to some other connection or thread. Upstream curl fixed the bug in 8.12.0; the defect was confined to libcurl 8.11.1. CISA's CSAF record ties the issue to Siemens SINEC OS firmware and lists multiple affected Siemens product families. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L: network-reachable without privileges or user interaction, with limited but real impact on each of confidentiality, integrity and availability.
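The failure mode behind a double close, shown as an added illustration that is not code from this page, from curl or from Siemens. The wakeup descriptor is a stand-in (an eventfd on Linux, /dev/null elsewhere), and the function names demo_double_close, demo_close_once and close_once are hypothetical; the point is that the second close lands on whatever unrelated descriptor reused the number, and that closing through an owner-held slot that is reset to -1 removes the hazard.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/eventfd.h>
#endif

/* Hypothetical wakeup descriptor standing in for the eventfd that libcurl's
 * threaded resolver uses on Linux. Elsewhere /dev/null is opened instead so
 * the descriptor-number reuse behaviour can still be observed. */
static int make_wakeup_fd(void)
{
#ifdef __linux__
    return eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK);
#else
    return open("/dev/null", O_RDONLY | O_CLOEXEC);
#endif
}

/* Vulnerable pattern: the descriptor is closed at teardown, but a stale copy
 * of its number is closed again later. Between the two closes another code
 * path (another thread or connection) receives the same number from the
 * kernel, so the second close destroys that unrelated descriptor.
 * Returns 1 if that was observed, 0 if not, -1 on setup failure. */
static int demo_double_close(void)
{
    int fd = make_wakeup_fd();
    if (fd < 0)
        return -1;
    int stale = fd;                          /* copy kept by the teardown path */
    close(fd);                               /* first, legitimate close */

    int other = open("/dev/null", O_RDONLY); /* unrelated open; gets lowest free number */
    if (other < 0)
        return -1;
    int reused = (other == stale);

    close(stale);                            /* the bug: second close of the old number */

    int other_dead = (fcntl(other, F_GETFD) == -1 && errno == EBADF);
    if (!other_dead)
        close(other);
    return reused && other_dead;
}

/* Hardened idiom: close through the owner's slot and invalidate it, so a
 * repeated teardown is a no-op rather than a close on someone else's fd. */
static int close_once(int *slot)
{
    if (*slot < 0)
        return 0;
    int rc = close(*slot);
    *slot = -1;
    return rc;
}

/* Same sequence as above using close_once(); returns 1 if the unrelated
 * descriptor survived the repeated teardown, 0 if not, -1 on setup failure. */
static int demo_close_once(void)
{
    int fd = make_wakeup_fd();
    if (fd < 0)
        return -1;
    int original = fd;
    close_once(&fd);                         /* closes and sets fd = -1 */

    int other = open("/dev/null", O_RDONLY); /* reuses the number */
    if (other < 0)
        return -1;
    close_once(&fd);                         /* no-op: slot is already -1 */

    int other_alive = (fcntl(other, F_GETFD) != -1);
    close(other);
    return (other == original) && other_alive;
}

int main(void)
{
    printf("double close clobbers unrelated fd: %d\n", demo_double_close());
    printf("close_once leaves unrelated fd intact: %d\n", demo_close_once());
    return 0;
}
```

The first function returns 1 because POSIX open() hands out the lowest free descriptor number, so the second close reliably hits the newcomer; in a real process that newcomer could be another connection's socket or a TLS session's file, which is why a bug with no memory corruption at all still earns a confidentiality, integrity and availability impact.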

Defensive priority

High

Recommended defensive actions

  • Update affected Siemens devices to SINEC OS V3.3 or later, per Siemens remediation guidance.
  • Confirm which deployed models and firmware revisions are actually in scope, since CISA issued a later scope clarification for the affected-product listing.
  • Prioritize patching of exposed or operationally critical assets during planned maintenance windows.
  • After remediation, verify firmware version and validate normal service behavior on each updated device.
  • Apply industrial-control-system network segmentation and minimize management-plane exposure, following CISA ICS recommended practices.
  • Monitor Siemens and CISA advisories for any additional scope or remediation updates.

Evidence notes

The source corpus consistently describes the flaw as libcurl incorrectly closing the same eventfd file descriptor twice after threaded name resolution. Siemens remediation guidance in the advisory points to updating to V3.3 or later. The CISA CSAF revision history shows publication on 2026-01-28, a 2026-02-24 scope clarification, and a 2026-02-25 republication update based on Siemens ProductCERT advisory SSA-089022.

Official resources

Siemens ProductCERT advisory SSA-089022 and the CISA CSAF record for this issue, published 2026-01-28 and updated 2026-02-25. The CISA revision history shows the initial publication, a 2026-02-24 scope clarification, and a 2026-02-25 republication update.