PatchSiren cyber security CVE debrief
CVE-2025-21795 Siemens CVE debrief
CVE-2025-21795 is an availability issue in the NFSD shutdown path that can leave nfsd4_shutdown_callback waiting when an nfs4_client is in courtesy state. In Siemens’ advisory for the SIMATIC S7-1500 CPU family, the result is a prolonged hang of roughly 15 minutes until TCP indicates the connection was dropped. CISA republishes the Siemens advisory for the affected CPU variants, and the source set indicates no fix was available at publication.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Siemens SIMATIC S7-1500 CPU operators, OT/ICS administrators, and teams managing the device’s additional GNU/Linux subsystem should pay attention. This is most relevant where availability of the controller or its Linux/NFSD-dependent functions matters and where local access is possible.
Technical summary
The source description says NFSD can hang in nfsd4_shutdown_callback because a courtesy-state nfs4_client does not need a callback, yet cl_cb_inflight remains non-zero while the callback path waits. The advisory ties the issue to Siemens SIMATIC S7-1500 CPU family products and notes a roughly 15-minute delay before TCP notifies NFSD that the connection was dropped. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local, low-privilege conditions with high availability impact only.
Defensive priority
Medium. The issue is not credential theft or code execution, but it can stall NFSD-related activity and temporarily affect service availability on affected Siemens systems. Prioritize if the device relies on the GNU/Linux subsystem or NFS-related functionality and if uptime is operationally important.
Recommended defensive actions
- Review whether any affected SIMATIC S7-1500 CPU models are in use: 6ES7518-4AX00-1AB0, 6ES7518-4AX00-1AC0, 6ES7518-4FX00-1AB0, 6ES7518-4FX00-1AC0, and 6AG1518-4AX00-4AC0.
- Apply Siemens and CISA guidance from the referenced advisory pages for operational mitigations and monitoring.
- Limit access to the additional GNU/Linux subsystem shell to trusted personnel only, as recommended in the source advisory.
- Only build and run applications from trusted sources on affected systems, as recommended in the source advisory.
- Plan for availability impacts and monitoring around NFSD behavior, especially if local access or subsystem usage is possible.
- Track Siemens/CISA updates for a fixed version or additional remediation guidance, since the source set states no fix was available at publication.
Evidence notes
All key claims are supported by the supplied CISA CSAF source item and its listed Siemens/CISA references. The advisory metadata identifies the affected Siemens SIMATIC S7-1500 CPU family, the issue description states the NFSD shutdown hang and ~15-minute delay, the CVSS vector is provided in the source, and the remediation field states that no fix is currently available. No KEV entry is listed in the supplied enrichment.
Official resources
-
CVE-2025-21795 CVE record
CVE.org
-
CVE-2025-21795 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-06-10 in CISA’s ICS advisory ICSA-25-162-05, which republishes Siemens ProductCERT advisory SSA-082556. The source set shows a latest CISA republication update on 2026-05-14 and no KEV listing.