PatchSiren cyber security CVE debrief
CVE-2025-11083 Siemens CVE debrief
CVE-2025-11083 was published on 2025-06-10 and is mapped in the Siemens/CISA advisory to several SIMATIC S7-1500 CPU 1518 MFP variants. The vulnerability is described as a heap-based buffer overflow in GNU Binutils' elf_swap_shdr path, and the CVE record says the exploit has been publicly disclosed. Siemens’ advisory for the listed products does not show an immediate fix in the supplied source and instead emphasizes access restriction and trusted-source guidance for the affected GNU/Linux subsystem.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
OT engineers, plant operators, and maintenance teams responsible for the listed Siemens SIMATIC S7-1500 CPU models; anyone with access to the device’s interactive shell; and teams that deploy or review applications running in the affected GNU/Linux subsystem.
Technical summary
The source corpus describes a heap-based buffer overflow in bfd/elfcode.h, specifically elf_swap_shdr, within GNU Binutils 2.45. In the Siemens advisory context, the affected exposure is tied to the additional GNU/Linux subsystem on the listed SIMATIC S7-1500 CPU models. The CVSS vector provided in the source is AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (5.3), which indicates a local attack requiring some level of local access. Siemens’ stated mitigations are to limit interactive shell access to trusted personnel and only build and run applications from trusted sources.
Defensive priority
Medium. The attack path is local rather than remote, but the vulnerability is publicly disclosed and affects operational technology devices where local access may still be meaningful.
Recommended defensive actions
- Restrict interactive shell access on affected devices to trusted personnel only, as Siemens recommends.
- Only build and run applications from trusted sources on the affected GNU/Linux subsystem.
- Inventory the listed SIMATIC S7-1500 CPU variants and confirm whether the relevant subsystem is present and in use.
- Monitor Siemens ProductCERT and CISA updates for a product fix; the supplied Siemens advisory currently lists no fix available.
- If you also run upstream GNU Binutils outside Siemens products, move to a release that includes the 2.46 fix noted in the CVE description.
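One way to carry out the last action on hosts that run upstream GNU Binutils, as an added example that is not taken from Siemens, CISA or the Binutils project: it reads the `--version` banner of the installed tools and compares the release number with 2.46. The function names are hypothetical, and a result of `review` only means the number is below 2.46, since packagers may backport fixes without changing it.

```shell
#!/bin/sh
# Added example: triage GNU Binutils --version banners against the 2.46
# release the CVE description names as carrying the fix.
FIX_MAJOR=2
FIX_MINOR=46

# Print "major.minor" from the first banner line, or nothing if absent.
# "GNU ld (GNU Binutils) 2.45.50.20250801" -> "2.45"
binutils_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -n 's/.*[[:space:]]\([0-9][0-9]*\.[0-9][0-9]*\)[^[:space:]]*$/\1/p'
}

# Print fixed | review | unknown for one banner string.
# "review" = numbered below 2.46; confirm with the packager before acting,
# because distributions may backport fixes without changing the version.
classify_binutils() {
    case "$1" in
        "GNU gold"*) echo unknown; return ;;  # gold reports its own version
        "GNU "*) ;;
        *) echo unknown; return ;;            # e.g. LLVM tools named objdump
    esac
    _ver=$(binutils_version "$1")
    [ -n "$_ver" ] || { echo unknown; return; }
    _major=${_ver%%.*}
    _minor=${_ver#*.}
    if [ "$_major" -gt "$FIX_MAJOR" ] ||
       { [ "$_major" -eq "$FIX_MAJOR" ] && [ "$_minor" -ge "$FIX_MINOR" ]; }; then
        echo fixed
    else
        echo review
    fi
}

# Report on the Binutils tools installed on this host; absent tools are skipped.
scan_host() {
    for _tool in objdump ld; do
        command -v "$_tool" >/dev/null 2>&1 || continue
        _banner=$("$_tool" --version 2>/dev/null | head -n 1)
        printf '%-8s %-8s %s\n' "$_tool" "$(classify_binutils "$_banner")" "$_banner"
    done
}

scan_host
```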
Evidence notes
The supplied sources are consistent on the core vulnerability mechanics: a heap-based buffer overflow in GNU Binutils' elf_swap_shdr, with local attack conditions and public disclosure noted in the CVE record. The Siemens/CISA CSAF advisory maps the CVE to specific SIMATIC S7-1500 CPU product variants and provides mitigation guidance, but its remediation list says no fix is currently available for those products. The CVE description separately notes that the maintainer said the issue was '[f]ixed for 2.46,' which should be treated as upstream Binutils context rather than a Siemens product patch status.
Official resources
- CVE-2025-11083 CVE record (CVE.org)
- CVE-2025-11083 NVD detail (NVD)
- Source item URL (cisa_csaf)
The CVE record states that the exploit has been disclosed to the public. The supplied Siemens/CISA advisory material focuses on affected products and mitigations rather than exploitation telemetry.