PatchSiren cyber security CVE debrief
CVE-2025-21763 Siemens CVE debrief
CVE-2025-21763 is a HIGH severity vulnerability (CVSS 7.8) affecting the Linux kernel's neighbour subsystem, specifically in the `__neigh_notify()` function. The issue involves missing RCU (Read-Copy-Update) protection, which can lead to use-after-free conditions. This vulnerability was published on 2024-04-09 and most recently modified on 2026-05-14. Siemens has identified this as affecting the GNU/Linux subsystem of their SIMATIC S7-1500 TM MFP industrial control product. The vulnerability requires local access with low privileges, but successful exploitation can result in complete confidentiality, integrity, and availability compromise. No patch is currently available from Siemens; mitigation relies on access controls and trusted application practices.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators, OT security teams, and asset owners deploying Siemens SIMATIC S7-1500 TM MFP units should prioritize this vulnerability. Organizations in manufacturing, process control, and critical infrastructure sectors with these devices require immediate attention due to the lack of available patches. Security architects responsible for OT network segmentation and defense-in-depth strategies need to evaluate compensating controls. System integrators and maintenance personnel with interactive shell access to the GNU/Linux subsystem represent a key risk vector requiring access control review.
Technical summary
The vulnerability exists in the Linux kernel's neighbour subsystem within the `__neigh_notify()` function. The function lacks proper RCU (Read-Copy-Update) synchronization protection, creating a race condition window where memory can be accessed after being freed. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack vector with low attack complexity, requiring low privileges but no user interaction. Successful exploitation yields high impact across confidentiality, integrity, and availability. The affected product is the GNU/Linux subsystem embedded in Siemens SIMATIC S7-1500 TM MFP, an industrial technology CPU with multifunctional platform capabilities. This subsystem provides a separate Linux environment for custom applications, distinct from the primary PLC runtime.
Defensive priority
HIGH
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run applications exclusively from trusted sources
- Monitor for future Siemens security advisories regarding patch availability
- Apply defense-in-depth strategies for industrial control system environments
- Review network segmentation to limit lateral movement opportunities
Evidence notes
Vulnerability description and affected product information sourced from CISA CSAF advisory ICSA-24-102-01. CVSS vector confirms local attack vector with high impact potential. Siemens advisory SSA-265688 provides product-specific context. Remediation status explicitly states no fix available as of advisory publication.
Official resources
-
CVE-2025-21763 CVE record
CVE.org
-
CVE-2025-21763 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09