PatchSiren cyber security CVE debrief
CVE-2025-21758 Siemens CVE debrief
CVE-2025-21758 is a medium-severity Linux kernel bug: missing RCU protection in the IPv6 multicast (MLD) path around mld_newpack(). In the Siemens/CISA advisory context it applies to specific SIMATIC S7-1500 CPU variants that ship an additional GNU/Linux subsystem, and no fix was available at publication time.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Operators, engineers, and defenders responsible for the affected Siemens SIMATIC S7-1500 CPU models, especially environments using the additional GNU/Linux subsystem or interactive shell. Asset owners should also care if they rely on these controllers in production OT networks and need to reduce exposure while waiting for a vendor fix.
Technical summary
The CVE description, "ipv6: mcast: add RCU protection to mld_newpack()", states that mld_newpack() can be called without RTNL or RCU being held. Without either lock, the network device state the function dereferences is not protected against concurrent teardown, and the CVSS vector limits the impact to availability, which is consistent with a kernel crash or hang rather than code execution. In the supplied Siemens advisory the impact is tied to five SIMATIC S7-1500 CPU product variants, and the remediation guidance is limited to restricting access to the additional GNU/Linux subsystem and running only trusted applications there. The advisory also states that no fix is currently available.
Defensive priority
Medium. The CVSS vector provided is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: an attacker who already holds local, low-privileged access (for example a shell on the GNU/Linux subsystem) can affect availability but not confidentiality or integrity, so this is a local denial-of-service issue, not remote code execution. Priority rises for sites where the affected CPUs are deployed with broader local access or where the GNU/Linux subsystem shell is reachable by untrusted users.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected devices.
- Inventory the listed affected product variants and confirm whether any deployed units match the advisory scope.
- Monitor the Siemens ProductCERT advisory (SSA-082556) and the CISA advisory (ICSA-25-162-05) for a fix and apply it when released; at the time of the supplied advisory no fix is available, so the mitigations above are the only vendor-endorsed controls.
- Limit local access paths and review OT administrative controls that could allow untrusted users to reach the subsystem shell.
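The following Python is an added example, not code from PatchSiren, Siemens or CISA. It automates the two actions above that can be scripted: interpreting the CVSS vector (local, availability-only) and matching a local asset inventory against the advisory's affected-product list while reporting whether the advisory still says no fix is available. It assumes a CSAF 2.0 document shape (product_tree.full_product_names, vulnerabilities[].product_status.known_affected, remediations[].category, scores[].cvss_v3.vectorString) and assumes the Siemens order number (MLFB) is embedded in parentheses in each product name, as it is for the one product named on this page. The CSAF document and inventory below are constructed; the second product and all asset tags are fictitious placeholders, not the other variants listed in the real advisory.

```python
"""Triage a CSAF 2.0 advisory against a local asset inventory (added example)."""
import json
import re

# Constructed, minimal CSAF 2.0 document. Only the fields this script reads are
# present. The second product is a fictitious placeholder, not a real Siemens MLFB.
SAMPLE_CSAF = json.dumps({
    "document": {"tracking": {"id": "ICSA-25-162-05",
                              "initial_release_date": "2025-06-10T00:00:00Z",
                              "current_release_date": "2026-05-14T00:00:00Z"}},
    "product_tree": {"full_product_names": [
        {"product_id": "CSAFPID-0001",
         "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"},
        {"product_id": "CSAFPID-0002",
         "name": "EXAMPLE PLACEHOLDER CPU (6ES7000-0XX00-0XX0)"},
    ]},
    "vulnerabilities": [{
        "cve": "CVE-2025-21758",
        "product_status": {"known_affected": ["CSAFPID-0001", "CSAFPID-0002"]},
        "remediations": [
            {"category": "none_available", "details": "No fix available",
             "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]},
            {"category": "mitigation",
             "details": "Restrict access to the interactive shell of the additional "
                        "GNU/Linux subsystem to trusted personnel only",
             "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]},
        ],
        "scores": [{"cvss_v3": {"version": "3.1", "baseScore": 5.5,
                                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},
                    "products": ["CSAFPID-0001", "CSAFPID-0002"]}],
    }],
})

# Constructed inventory: order number (MLFB) -> asset tags. Tags are fictitious.
SAMPLE_INVENTORY = {
    "6ES7518-4AX00-1AB0": ["PLC-LINE3-01", "PLC-LINE3-02"],
    "6ES7515-2AM02-0AB0": ["PLC-PACK-07"],   # not in the sample advisory
}

# Siemens MLFB pattern, e.g. 6ES7518-4AX00-1AB0 (assumed format, sufficient here).
ORDER_NO = re.compile(r"\b(6ES7[0-9A-Z]{3}-[0-9A-Z]{5}-[0-9A-Z]{4})\b")


def parse_cvss_vector(vector):
    """Split a CVSS v3.x vector string into a metric dict, e.g. {'AV': 'L', ...}."""
    head, *metrics = vector.split("/")
    if not head.startswith("CVSS:3."):
        raise ValueError(f"unsupported vector: {vector}")
    return dict(m.split(":", 1) for m in metrics)


def is_local_dos_only(vector):
    """True when the vector is locally triggered and touches availability only."""
    m = parse_cvss_vector(vector)
    return m["AV"] == "L" and m["C"] == "N" and m["I"] == "N" and m["A"] == "H"


def affected_products(doc, cve):
    """Return ({product_id: name} for known_affected products, vulnerability entry)."""
    names = {p["product_id"]: p["name"] for p in doc["product_tree"]["full_product_names"]}
    for vuln in doc["vulnerabilities"]:
        if vuln.get("cve") == cve:
            return {pid: names[pid] for pid in vuln["product_status"]["known_affected"]}, vuln
    raise KeyError(cve)


def triage(csaf_json, inventory, cve):
    """Match inventory order numbers against the advisory and summarise fix state."""
    doc = json.loads(csaf_json)
    affected, vuln = affected_products(doc, cve)
    mlfb_to_pid = {}
    for pid, name in affected.items():
        for mlfb in ORDER_NO.findall(name):   # assumption: MLFB embedded in the name
            mlfb_to_pid[mlfb] = pid
    fix_state = {}
    for rem in vuln.get("remediations", []):
        for pid in rem.get("product_ids", []):
            fix_state.setdefault(pid, set()).add(rem["category"])
    matches = []
    for mlfb, assets in inventory.items():
        pid = mlfb_to_pid.get(mlfb)
        if pid is None:
            continue                      # deployed unit is outside advisory scope
        cats = fix_state.get(pid, set())
        matches.append({"order_number": mlfb, "assets": assets, "product": affected[pid],
                        "fix_available": "vendor_fix" in cats,
                        "no_fix": bool(cats & {"none_available", "no_fix_planned"})})
    vector = vuln["scores"][0]["cvss_v3"]["vectorString"]
    return {"cve": cve, "advisory": doc["document"]["tracking"]["id"],
            "local_dos_only": is_local_dos_only(vector), "matches": matches}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CSAF, SAMPLE_INVENTORY, "CVE-2025-21758"), indent=2))
```

Against the constructed data the script reports one in-scope order number with two asset tags, flags `no_fix` because the remediation category is `none_available`, and classifies the vector as local, availability-only. Re-running it against a freshly downloaded CSAF file is the cheapest way to notice when Siemens replaces `none_available` with `vendor_fix`.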
Evidence notes
The advisory corpus identifies the affected vendor as Siemens and lists five SIMATIC S7-1500 CPU product names under ICSA-25-162-05 / SSA-082556. The CVE record was published on 2025-06-10, and the CISA republication was updated several times, most recently on 2026-05-14. The supplied remediation section explicitly says no fix is available and recommends restricting access to the additional GNU/Linux subsystem and running only trusted software on it. No KEV entry is present in the source data.
Official resources
- CVE-2025-21758 CVE record (CVE.org)
- CVE-2025-21758 NVD detail (NVD)
- Source item URL: cisa_csaf
Published by CISA on 2025-06-10 (initial publication date in the supplied source corpus). The CISA republication was updated multiple times, with the latest supplied modification date of 2026-05-14. No KEV listing is provided in the source.