PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-21719 Siemens CVE debrief

CVE-2025-21719 is a vulnerability in the Linux kernel's IP multicast routing (ipmr) subsystem. The issue occurs when the kernel incorrectly calls `mr_mfc_uses_dev()` on unresolved multicast forwarding cache (MFC) entries, which can lead to a denial of service condition. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM severity) with a local attack vector requiring low privileges. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control system. The vulnerability was first published on April 9, 2024, and the advisory has been updated multiple times through September 2025 to include additional related CVEs. No patch is currently available from Siemens for this product.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP systems in industrial environments, particularly those utilizing the GNU/Linux subsystem for custom applications. System administrators responsible for OT/ICS security and personnel managing multicast networking configurations should prioritize access controls given the absence of an available patch. CISOs and OT security teams should incorporate this into risk assessments for defense-in-depth strategies.

Technical summary

The vulnerability exists in the Linux kernel's IP multicast routing (ipmr) implementation. The function `mr_mfc_uses_dev()` is incorrectly invoked on unresolved MFC (multicast forwarding cache) entries, which can trigger a denial of service condition. This is a local vulnerability requiring low privileges with no user interaction needed. The attack impacts availability only (no confidentiality or integrity impact per CVSS). The affected product is the GNU/Linux subsystem within Siemens' SIMATIC S7-1500 TM MFP, an industrial technology CPU with multifunctional platform capabilities.

Defensive priority

medium

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for future security updates from Siemens for the SIMATIC S7-1500 TM MFP product line
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance

Evidence notes

The vulnerability description 'ipmr: do not call mr_mfc_uses_dev() for unres entries' indicates a kernel-level issue in the IP multicast routing implementation. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack requirements with high availability impact. Siemens remediation guidance explicitly states 'Currently no fix is available' as of the advisory publication.

Official resources

Siemens disclosed this vulnerability through CISA's ICS advisory program. The advisory ICSA-24-102-01 was initially published on April 9, 2024, and has undergone ten revision cycles, with the most recent update on September 9, 2025, adding