PatchSiren

CVE-2025-10148 Siemens CVE debrief

CVE-2025-10148 is described as a network-reachable flaw that can let a malicious server influence traffic in a way a configured or transparent proxy may misinterpret as legitimate HTTP content, creating cache-poisoning risk. In the supplied source corpus, Siemens ties the advisory to COMOS versions V10.4, V10.4.5, V10.5, and V10.6 and recommends updating to V10.6.1 or later, but the vulnerability text itself references curl's WebSocket code, so the source bundle should be cross-checked before remediation planning.

Vendor: Siemens
Product: COMOS V10.4
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-09
Original CVE updated: 2026-03-12
Advisory published: 2025-12-09
Advisory updated: 2026-03-12

Who should care

Siemens COMOS administrators, OT security teams, and any environment that routes COMOS or related client traffic through configured or transparent proxies, shared caches, or inspection devices. Asset owners using CISA/Siemens advisory data for patch and change-management planning should review this item carefully.

Technical summary

The advisory text says curl's WebSocket implementation did not update the 32-bit mask for each outgoing frame as required, instead reusing a fixed mask across the connection. A predictable mask pattern can help a malicious server shape traffic that a proxy may treat as genuine HTTP content, enabling cache poisoning. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3, Medium).
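The masking behavior described above can be checked from the defender's side on a captured client-to-server WebSocket byte stream. The following is an added example, not code from the advisory, curl, or Siemens: it parses masked frames in the standard WebSocket frame layout (RFC 6455) and reports any masking key that appears on more than one frame. The function names and the sample byte streams are constructed for illustration.

```python
from collections import Counter

def build_frame(payload: bytes, key: bytes, opcode: int = 0x1) -> bytes:
    """Constructed-sample helper: one masked, final (FIN=1) client frame."""
    n = len(payload)
    ext = b"" if n < 126 else n.to_bytes(2, "big")  # 16-bit length suffices here
    header = bytes([0x80 | opcode, 0x80 | (n if n < 126 else 126)]) + ext
    masked = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return header + key + masked

def iter_client_frames(stream: bytes):
    """Yield (opcode, mask_key, unmasked_payload) for each complete frame."""
    pos = 0
    while pos + 2 <= len(stream):
        b0, b1 = stream[pos], stream[pos + 1]
        pos += 2
        if not b1 & 0x80:
            raise ValueError("client-to-server frame without MASK bit")
        length = b1 & 0x7F
        if length in (126, 127):  # extended 16-bit or 64-bit length field
            size = 2 if length == 126 else 8
            if pos + size > len(stream):
                return  # truncated capture
            length = int.from_bytes(stream[pos:pos + size], "big")
            pos += size
        if pos + 4 + length > len(stream):
            return  # truncated capture: drop the incomplete frame
        key = stream[pos:pos + 4]
        body = stream[pos + 4:pos + 4 + length]
        pos += 4 + length
        yield b0 & 0x0F, key, bytes(b ^ key[i % 4] for i, b in enumerate(body))

def reused_mask_keys(stream: bytes) -> dict:
    """Map each masking key seen on more than one frame to its frame count."""
    counts = Counter(key for _, key, _ in iter_client_frames(stream))
    return {key: n for key, n in counts.items() if n > 1}

# Constructed samples: one connection reusing a fixed mask, one rotating it.
FIXED = bytes.fromhex("11223344")
MESSAGES = (b"hello", b"status?", b"x" * 200)
SAMPLE_REUSED = b"".join(build_frame(m, FIXED) for m in MESSAGES)
FRESH_KEYS = (bytes.fromhex("a1b2c3d4"), bytes.fromhex("0badf00d"),
              bytes.fromhex("5ca1ab1e"))
SAMPLE_FRESH = b"".join(build_frame(m, k) for m, k in zip(MESSAGES, FRESH_KEYS))

if __name__ == "__main__":
    print("reused:", reused_mask_keys(SAMPLE_REUSED))
    print("fresh: ", reused_mask_keys(SAMPLE_FRESH))
```

A key repeated across many frames on one connection is the signal of interest; an isolated repeat between two frames of a long capture can occur by chance with random 32-bit keys.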

Defensive priority

Medium, with higher urgency if affected systems sit behind shared or transparent proxy infrastructure. The main risk is integrity of cached content rather than direct host compromise, but poisoned cache entries can affect many downstream users.

Recommended defensive actions

  • Confirm whether your deployment matches the advisory's affected COMOS versions and note that the source revision history later removed CVE-2025-10148 from COMOS V10.5.2 as not affected.
  • Update to Siemens COMOS V10.6.1 or later, or use Siemens support to obtain the applicable patch and update guidance.
  • Review any proxy, cache, or inspection path between clients and servers; reduce exposure where practical and validate that these components are not caching untrusted content.
  • Apply CISA and Siemens defense-in-depth guidance for OT environments, including segmentation and least-exposure networking.
  • Prioritize validation and patching through normal OT change control, especially where the product is internet-accessible or traverses shared network services.

Evidence notes

The supplied source item is a CISA CSAF advisory for Siemens COMOS (ICSA-26-043-03) with publishedAt 2025-12-09 and modifiedAt 2026-03-12. Its revision history shows additional updates on 2026-01-13, 2026-02-10, 2026-02-12, and 2026-03-10; it also records that CVE-2025-10148 was removed from COMOS V10.5.2 because that version line is not affected. The corpus does not mark this CVE as KEV and does not record any ransomware-campaign use. The source bundle contains a notable context mismatch: the vulnerability description text references curl WebSocket masking behavior, while the vendor/product metadata and remediation guidance reference Siemens COMOS.

Official resources

Publicly disclosed in CISA's republished Siemens ProductCERT advisory ICSA-26-043-03 on 2025-12-09 and updated through 2026-03-12. The supplied corpus does not indicate KEV inclusion or known ransomware campaign use.