PatchSiren cyber security CVE debrief
CVE-2025-21711 Siemens CVE debrief
CVE-2025-21711 is a medium-severity integer overflow vulnerability in the Linux kernel's Amateur Radio X.25 PLP (Packet Layer Protocol) over Rose (Radio Amateur Telecommunications Society) networking implementation. The flaw exists in the `rose_setsockopt()` function within `net/rose`, where insufficient validation of user-supplied socket options can lead to integer overflows. This vulnerability was published on April 9, 2024, and last modified on May 14, 2026. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control system product. The CVSS 3.1 vector indicates a local attack vector with low attack complexity, requiring low privileges but no user interaction, resulting in a high availability impact. No confidentiality or integrity impacts are associated with this vulnerability. As of the advisory publication, no patch is available from the vendor.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators, OT security teams, Siemens SIMATIC S7-1500 TM MFP administrators, critical infrastructure defenders, and organizations running Linux-based embedded systems in operational technology environments.
Technical summary
The vulnerability resides in the `rose_setsockopt()` function of the Linux kernel's Amateur Radio ROSE protocol implementation. Integer overflows can occur when processing socket options, potentially leading to denial of service conditions. The attack requires local access with low privileges, making exploitation dependent on attacker presence on the target system or compromise of a low-privileged account. The GNU/Linux subsystem of the Siemens SIMATIC S7-1500 TM MFP is affected, representing an industrial control system deployment context where availability is critical.
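A simplified user-space model of the bug class described above, as an added example that is not the kernel's code and not taken from the advisory. It assumes the socket option is a seconds count multiplied by a tick rate before being stored, and shows the unchecked conversion beside a bounds-checked one. The function names, `MODEL_HZ` and the sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Assumed tick rate for this model (hypothetical value). */
#define MODEL_HZ 1000u

/* Unchecked: seconds * MODEL_HZ wraps modulo UINT_MAX + 1 for large
 * input, so a huge requested timeout is stored as a tiny one. */
static int set_timer_unchecked(unsigned int seconds, unsigned int *ticks)
{
    if (seconds < 1)
        return -EINVAL;
    *ticks = seconds * MODEL_HZ;
    return 0;
}

/* Checked: reject any value whose product would not fit, leaving
 * the stored timer untouched on error. */
static int set_timer_checked(unsigned int seconds, unsigned int *ticks)
{
    if (seconds < 1 || seconds > UINT_MAX / MODEL_HZ)
        return -EINVAL;
    *ticks = seconds * MODEL_HZ;
    return 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary value, the largest value that
     * still fits, and the first value whose product wraps. */
    unsigned int samples[] = {
        180u, UINT_MAX / MODEL_HZ, UINT_MAX / MODEL_HZ + 1u
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned int a = 0, b = 0;
        int ra = set_timer_unchecked(samples[i], &a);
        int rb = set_timer_checked(samples[i], &b);
        printf("opt=%u unchecked: rc=%d ticks=%u | checked: rc=%d ticks=%u\n",
               samples[i], ra, a, rb, b);
    }
    return 0;
}
```

The comparison against `UINT_MAX / MODEL_HZ` is done before the multiplication, so the check itself cannot overflow.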
Defensive priority
medium
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor the Siemens CERT portal for vendor security updates and future patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
- Review network segmentation to restrict access to affected systems
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-24-102-01. Vendor attribution to the Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem is confirmed through the CSAF product tree with high confidence. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local attack vector with availability impact only. The advisory revision history shows ongoing updates through September 2025 with multiple CVE additions.
Official resources
- CVE-2025-21711 CVE record (CVE.org)
- CVE-2025-21711 NVD detail (NVD)
- Source item URL (cisa_csaf)