PatchSiren cyber security CVE debrief
CVE-2025-21744 Siemens CVE debrief
CVE-2025-21744 is a NULL pointer dereference vulnerability in the brcmfmac Wi-Fi driver, specifically within the `brcmf_txfinalize()` function. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. A local attacker with low privileges can trigger a denial-of-service condition without user interaction. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, and low privilege requirements with high availability impact. No confidentiality or integrity impacts are associated with this vulnerability. CISA published this advisory on April 9, 2024, with subsequent updates through September 2025 adding related CVEs to the same advisory bundle. Siemens has not released a patch; mitigation relies on access controls and trusted application sourcing.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with enabled GNU/Linux subsystem; OT security teams managing embedded Linux environments; infrastructure owners with Wi-Fi capable PLCs in operational technology networks.
Technical summary
The vulnerability exists in the Broadcom FullMAC (brcmfmac) wireless driver used within the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP programmable logic controllers. The `brcmf_txfinalize()` function fails to validate a pointer before dereference, leading to a kernel crash when processing transmit finalization under specific conditions. This is a classic CWE-476 NULL pointer dereference. Exploitation requires local access with low privileges; no authentication bypass or remote vector is present. The impact is limited to availability loss (system crash/reboot) with no data confidentiality or integrity compromise.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for anomalous local process activity on affected systems
- Apply vendor patches when Siemens releases a fix
- Segment affected industrial control systems from untrusted networks
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-102-01. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack scope with availability impact only. Siemens CSAF reference SSA-265688 provides vendor-specific context. The revision history shows this CVE was added in Additional Release 8 on August 12, 2025, indicating it was among 147 CVEs added to this advisory at that time.
Official resources
-
CVE-2025-21744 CVE record
CVE.org
-
CVE-2025-21744 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09