PatchSiren cyber security CVE debrief
CVE-2025-21712 Siemens CVE debrief
CVE-2025-21712 is a Siemens-disclosed availability issue affecting several SIMATIC S7-1500 CPU family products that include an additional GNU/Linux subsystem. The advisory describes a Linux md/md-bitmap flaw where bitmap_get_stats() can be called after a bitmap is destroyed or before it is fully initialized, which can crash the kernel. Siemens states there is currently no fix available and recommends restricting access to the subsystem and only using trusted applications.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Operators, engineers, and maintainers of the affected Siemens SIMATIC S7-1500 CPU 1518/1518F MFP variants, especially environments that use the additional GNU/Linux subsystem or allow interactive shell access to it. Industrial control deployments should treat this as an operational stability issue because the reported impact is kernel crash/denial of service.
Technical summary
The supplied advisory ties CVE-2025-21712 to md/md-bitmap in the Linux kernel. bitmap_get_stats() may be invoked even when the bitmap object has been destroyed or is not fully initialized, creating a race or lifecycle synchronization problem that can lead to a kernel crash. The described fix is to synchronize bitmap_get_stats() with bitmap_info.mutex. The CVSS vector in the source is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, consistent with local, low-privilege availability impact.
Defensive priority
Medium, with elevated operational priority in production OT environments. The issue is locally exploitable and availability-only, but it can still cause a kernel crash in affected systems. Prioritize mitigation if the additional GNU/Linux subsystem is enabled or exposed to trusted but broad user access.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected systems.
- Review whether the additional GNU/Linux subsystem is needed at all, and disable or minimize access where operationally feasible.
- Monitor Siemens ProductCERT and CISA advisory updates for a vendor fix or revised guidance.
- Apply standard industrial-control defense-in-depth practices for access control and least privilege.
- Document the affected product IDs and maintain asset visibility for the five listed SIMATIC/SIPLUS CPU variants.
Evidence notes
All core claims are taken from the supplied Siemens/CISA CSAF source item and its referenced advisory materials. The source explicitly says bitmap_get_stats() can be called when the bitmap is destroyed or not fully initialized, that the result is a kernel crash, and that synchronizing with bitmap_info.mutex is the fix. The remediation section in the supplied advisory states there is currently no fix available and recommends limiting shell access to trusted personnel and using trusted application sources. The CVE published date used here is 2025-06-10, and the latest source/CISA republication update is 2026-05-14.
Official resources
-
CVE-2025-21712 CVE record
CVE.org
-
CVE-2025-21712 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-06-10 in Siemens ProductCERT advisory SSA-082556 and CISA ICS Advisory ICSA-25-162-05; the source advisory was republished/updated by CISA most recently on 2026-05-14.