PatchSiren cyber security CVE debrief
CVE-2025-21765 Siemens CVE debrief
CVE-2025-21765 is a medium-severity availability issue tied to IPv6 handling in ip6_default_advmss(). The source description says the function needs RCU protection so that the net structure it reads cannot be freed while it is still being accessed. In the Siemens/CISA advisory corpus, the issue is mapped to five Siemens SIMATIC S7-1500 CPU MFP product variants; the cited advisory offers no fix and recommends compensating mitigations instead.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Siemens SIMATIC S7-1500 operators, OT security teams, and maintainers responsible for the listed CPU 1518/1518F MFP variants and the SIPLUS variant, especially where the additional GNU/Linux subsystem is used or exposed.
Technical summary
The supplied CVE text describes an IPv6 kernel-path race/synchronization issue: ip6_default_advmss() must run under RCU protection so that the net structure it dereferences remains valid for the duration of the read. The advisory metadata associates this CVE with Siemens SIMATIC S7-1500 CPU family products, including five affected product identifiers. The CVSS vector indicates local attack conditions and high availability impact, with no confidentiality or integrity impact scored. The advisory states that no fix is currently available and recommends compensating controls for the affected products.
Defensive priority
Medium priority for affected deployments, with elevated urgency if the listed Siemens CPUs are in active use and the GNU/Linux subsystem is enabled or exposed.
Recommended defensive actions
- Inventory whether any of the five Siemens products listed in the advisory are deployed in your environment.
- Treat the advisory as no-fix-for-now and apply compensating controls rather than waiting for a patch.
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources, as recommended in the advisory.
- Apply CISA ICS recommended practices and defense-in-depth controls, including segmentation and least-privilege access.
- Monitor the Siemens ProductCERT and CISA advisory pages for updates or a future remediation release.
Evidence notes
The source corpus includes CISA CSAF advisory ICSA-25-162-05, republished from Siemens ProductCERT SSA-082556, with publication on 2025-06-10 and latest update on 2026-05-14. The advisory lists five affected Siemens SIMATIC S7-1500 CPU MFP variants and states that currently no fix is available. The CVE description supplied with the corpus identifies the underlying issue as an IPv6 ip6_default_advmss() RCU protection problem. Because the advisory scope is product-specific, the safest reading is to keep conclusions limited to the listed Siemens products and the documented GNU/Linux subsystem mitigations.
Official resources
- CVE-2025-21765 CVE record (CVE.org)
- CVE-2025-21765 NVD detail (NVD)
- Source item: CISA CSAF advisory (cisa_csaf)
Public advisory first published by CISA on 2025-06-10 and updated through 2026-05-14. The cited advisory corpus indicates no fix was available at the time reflected in the source material.