PatchSiren cyber security CVE debrief

CVE-2025-21687 Siemens CVE debrief

CVE-2025-21687 is a vulnerability in the Linux kernel's VFIO platform driver where read/write syscall parameters (count and offset) passed from user space were not properly validated against device bounds. While offset was capped to 40 bits, count remained unchecked, enabling out-of-bounds read/write operations on the device. The vulnerability was resolved by adding proper bounds checking. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families, which incorporate the vulnerable Linux kernel component. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and incorporate corrections from Siemens ProductCERT.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: NONE
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 switch families. System administrators responsible for Linux-based embedded systems in operational technology environments. Security teams managing industrial control system infrastructure with VFIO-enabled devices.

Technical summary

The vulnerability exists in the vfio/platform driver within the Linux kernel. The driver handles read and write system calls where count and offset parameters originate from user space. Prior to the fix, only the offset parameter was limited to 40 bits; the count parameter lacked validation against device memory bounds. This deficiency allowed user-space processes to specify read or write operations extending beyond the actual device memory region, resulting in out-of-bounds access. The resolution implements proper bounds checking for both parameters against the device's registered memory regions.
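The check described above, as an added illustration that is not the kernel's code: a small user-space model of a VFIO-style region read/write handler that compares the pre-fix validation (offset masked to 40 bits, count never compared with the region size) against a corrected check. The region structure, function names and the exact clamping behaviour are assumptions made for this example; the third variant shows why the comparison is written as a subtraction rather than as off + count, which can wrap for a very large count.

```c
/* Added example, not the Linux kernel's code. Models how user-supplied
 * (offset, count) should be validated against a device memory region. */
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

/* The 40-bit offset cap described in the advisory (assumed representation). */
#define OFFSET_MASK ((1ULL << 40) - 1)

/* Pre-fix model: only the offset is capped; count is never checked against
 * region_size. Returns the number of bytes the handler would touch. */
static long long access_len_pre_fix(uint64_t region_size, uint64_t off, uint64_t count)
{
    off &= OFFSET_MASK;
    (void)region_size;          /* never consulted, which is the defect */
    return (long long)count;
}

/* A tempting but wrong check: "off + count > size" overflows for a huge count
 * and then passes, so an oversized request is not rejected. Kept here as the
 * anti-pattern a reviewer should look for. */
static long long access_len_naive(uint64_t region_size, uint64_t off, uint64_t count)
{
    off &= OFFSET_MASK;
    if (off + count > region_size)   /* wraps when count is close to UINT64_MAX */
        return -EINVAL;
    return (long long)count;
}

/* Corrected model: reject an offset at or past the end of the region, then
 * clamp count to the bytes that remain (a short read/write, like read(2)).
 * The subtraction cannot overflow because off < region_size is established first. */
static long long access_len_fixed(uint64_t region_size, uint64_t off, uint64_t count)
{
    off &= OFFSET_MASK;
    if (off >= region_size)
        return -EINVAL;
    if (count > region_size - off)
        count = region_size - off;
    return (long long)count;
}

int main(void)
{
    const uint64_t size = 4096;       /* constructed region size */
    struct { uint64_t off, count; } cases[] = {
        { 0, 8192 },                   /* count larger than the region */
        { 4096, 1 },                   /* offset exactly at the end */
        { 4000, 200 },                 /* partially in range */
        { 8, UINT64_MAX - 4 },         /* count chosen so off + count wraps */
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("off=%llu count=%llu  pre-fix=%lld  naive=%lld  fixed=%lld\n",
               (unsigned long long)cases[i].off, (unsigned long long)cases[i].count,
               access_len_pre_fix(size, cases[i].off, cases[i].count),
               access_len_naive(size, cases[i].off, cases[i].count),
               access_len_fixed(size, cases[i].off, cases[i].count));
    }
    return 0;
}
```

The pre-fix variant happily returns 8192 for a 4096-byte region, which is the out-of-bounds condition the advisory describes. The naive variant rejects that case but lets the wrapping request through, while the fixed variant either rejects the offset or returns at most the bytes remaining in the region.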

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided updates to affected Siemens products: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
  • Implement network segmentation for industrial control systems to limit exposure of affected devices
  • Follow CISA ICS recommended practices for defense-in-depth strategies
  • Monitor Siemens ProductCERT and CISA ICS advisories for additional updates to affected product configurations

Evidence notes

The vulnerability description is drawn from the Linux kernel commit message referenced in CISA advisory ICSA-25-226-07. Siemens ProductCERT advisory SSA-355557 provides the authoritative affected product list and remediation guidance. The CVSS vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N indicates a network attack vector with high attack complexity, no privileges required, user interaction required, and no confidentiality, integrity, or availability impact; because all three impact metrics are None, the CVSS v3.1 base formula yields a base score of 0.0 (NONE severity).
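To make the 0.0 result concrete, here is an added example (not part of the advisory) that evaluates the CVSS v3.1 base formula for a scope-unchanged vector using the metric weights from the CVSS v3.1 specification. It scores the vector quoted above and, for contrast, the same vector with the availability impact assumed to be High. The struct and function names are this example's own.

```c
/* Added example: CVSS v3.1 base score for Scope:Unchanged vectors.
 * Metric weights are the published CVSS v3.1 values. */
#include <stdio.h>

struct cvss31 {
    double av, ac, pr, ui;   /* exploitability metrics */
    double c, i, a;          /* impact metrics */
};

/* Weights from the CVSS v3.1 specification (Scope:Unchanged where it matters). */
#define AV_N  0.85   /* Attack Vector: Network */
#define AC_H  0.44   /* Attack Complexity: High */
#define PR_N  0.85   /* Privileges Required: None */
#define UI_R  0.62   /* User Interaction: Required */
#define CIA_N 0.0    /* C/I/A impact: None */
#define CIA_H 0.56   /* C/I/A impact: High */

/* CVSS v3.1 "Roundup": smallest one-decimal value >= x, computed on an
 * integer scaled by 100000 to avoid floating-point surprises. */
static double roundup1(double x)
{
    long long v = (long long)(x * 100000.0 + 0.5);
    if (v % 10000 == 0)
        return v / 100000.0;
    return (double)(v / 10000 + 1) / 10.0;   /* integer division floors (v > 0) */
}

/* Base score for Scope:Unchanged. If the impact sub-score is <= 0 the
 * specification defines the base score as 0, regardless of exploitability. */
static double base_score_unchanged(struct cvss31 m)
{
    double iss    = 1.0 - (1.0 - m.c) * (1.0 - m.i) * (1.0 - m.a);
    double impact = 6.42 * iss;
    double expl   = 8.22 * m.av * m.ac * m.pr * m.ui;
    if (impact <= 0.0)
        return 0.0;
    double sum = impact + expl;
    return roundup1(sum < 10.0 ? sum : 10.0);
}

/* The vector on this page: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N */
static double page_vector_score(void)
{
    struct cvss31 m = { AV_N, AC_H, PR_N, UI_R, CIA_N, CIA_N, CIA_N };
    return base_score_unchanged(m);
}

/* Hypothetical contrast: same exploitability metrics, A:H instead of A:N. */
static double availability_high_score(void)
{
    struct cvss31 m = { AV_N, AC_H, PR_N, UI_R, CIA_N, CIA_N, CIA_H };
    return base_score_unchanged(m);
}

int main(void)
{
    printf("AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N -> %.1f\n", page_vector_score());
    printf("AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H -> %.1f\n", availability_high_score());
    return 0;
}
```

With all three impact metrics set to None the impact sub-score is exactly 0, so the formula short-circuits to 0.0 before exploitability is even considered; the contrast case shows that a single High impact metric on the same exploitability metrics would score 5.3.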

Official resources

2025-08-12