PatchSiren cyber security CVE debrief
CVE-2025-21848 Siemens CVE debrief
CVE-2025-21848 is a null pointer dereference issue in the Linux kernel nfp BPF path, where nfp_bpf_cmsg_alloc() should check the return value of nfp_app_ctrl_msg_alloc(). Siemens’ advisory maps this issue to several SIMATIC S7-1500 CPU family products and states that no fix is currently available. The practical concern in the supplied advisory is availability impact rather than confidentiality or integrity loss.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Siemens SIMATIC S7-1500 operators and integrators, especially anyone running the listed CPU models in production or using the additional GNU/Linux subsystem and its shell access.
Technical summary
The supplied description says the kernel fix adds a missing return-value check for nfp_app_ctrl_msg_alloc() inside nfp_bpf_cmsg_alloc() to prevent a null pointer dereference. The CISA-republished Siemens CSAF advisory (ICSA-25-162-05 / SSA-082556) lists five affected SIMATIC S7-1500 CPU product variants and gives CVSS v3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local, low-privilege condition with high availability impact. The advisory also states that no fix is currently available.
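The missing check described above, shown as an added user-space model; this is not the kernel source or code from the Siemens advisory. Every `model_*` name, `struct msg_buf` and the `fail_next_alloc` hook are hypothetical stand-ins: `model_ctrl_msg_alloc()` plays the role of nfp_app_ctrl_msg_alloc(), and the two `model_cmsg_alloc_*` functions show nfp_bpf_cmsg_alloc() without and with the return-value check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space stand-in for the kernel message buffer. */
struct msg_buf { size_t cap, len; unsigned char *data; };

int fail_next_alloc; /* constructed test hook: simulate an allocation failure */

/* Models nfp_app_ctrl_msg_alloc(): returns NULL when allocation fails. */
struct msg_buf *model_ctrl_msg_alloc(size_t size)
{
    struct msg_buf *b;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    b = malloc(sizeof(*b));
    if (!b) return NULL;
    b->data = calloc(1, size ? size : 1);
    if (!b->data) { free(b); return NULL; }
    b->cap = size; b->len = 0;
    return b;
}

/* Pre-fix shape: the result is used without a check. */
struct msg_buf *model_cmsg_alloc_unchecked(size_t size)
{
    struct msg_buf *b = model_ctrl_msg_alloc(size);
    b->len = size; /* NULL pointer dereference if the allocation failed */
    return b;
}

/* Post-fix shape: check the return value before the first use. */
struct msg_buf *model_cmsg_alloc_checked(size_t size)
{
    struct msg_buf *b = model_ctrl_msg_alloc(size);
    if (!b) return NULL;
    b->len = size;
    return b;
}

/* Caller: turns the NULL into an error code instead of a crash. */
int model_send_request(size_t size)
{
    struct msg_buf *b = model_cmsg_alloc_checked(size);
    if (!b) return -ENOMEM;
    free(b->data);
    free(b);
    return 0;
}

int main(void) { fail_next_alloc = 1; return model_send_request(64) == -ENOMEM ? 0 : 1; }
```

In the model, the failure path ends in an error return; in a kernel the same unchecked dereference faults, which matches the availability-only impact (A:H) in the advisory's CVSS vector.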
Defensive priority
Medium overall, but treat as time-sensitive for affected production CPUs because the advisory lists no fix and offers only mitigation guidance.
Recommended defensive actions
- Identify whether any of the five listed Siemens SIMATIC S7-1500 CPU variants are deployed in your environment.
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on affected systems.
- Apply Siemens and CISA defense-in-depth guidance and segment affected industrial control assets where possible.
- Monitor Siemens ProductCERT and CISA advisory updates for a future fix or revised mitigation guidance.
Evidence notes
Grounded in the supplied CISA CSAF source ICSA-25-162-05 (SSA-082556), initially published 2025-06-10 and last updated 2026-05-14. The advisory lists five affected Siemens products, states 'Currently no fix is available,' and includes mitigations limiting shell access and trusting application sources. The description explicitly ties the issue to a missing return-value check for nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent a null pointer dereference. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. No KEV listing is indicated in the supplied enrichment.
Official resources
- CVE-2025-21848 CVE record (CVE.org)
- CVE-2025-21848 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA-republished Siemens advisory on 2025-06-10; latest source update is 2026-05-14. Not listed in CISA KEV in the supplied enrichment.