PatchSiren cyber security CVE debrief
CVE-2025-22251 Siemens CVE debrief
CVE-2025-22251 is a low-severity issue published by CISA on 2025-02-11 and updated through 2026-03-12. The source advisory ties the CVE to Siemens RUGGEDCOM APE1808 and describes an improper restriction of communication channels (CWE-923) that may let an unauthenticated attacker inject unauthorized sessions using crafted FGSP session synchronization packets. Because the corpus also contains FortiOS/FortiGate wording inside the CVE description and remediation text, operators should validate applicability against the Siemens advisory and their own asset inventory before acting on any patch guidance.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- LOW 3.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2026-03-12
- Advisory published
- 2025-02-11
- Advisory updated
- 2026-03-12
Who should care
Siemens RUGGEDCOM APE1808 owners and operators, OT/ICS security teams, and network administrators responsible for segmentation, session synchronization traffic, and edge device patching.
Technical summary
The advisory describes a communication-channel restriction flaw (CWE-923) that could allow session injection when crafted FGSP session synchronization packets are accepted from unintended endpoints. The source record associates the CVE with Siemens RUGGEDCOM APE1808, but the included vulnerability text references FortiOS/FortiGate versions and a Fortigate NGFW update path. That inconsistency means defenders should confirm the affected product and remediation path using the Siemens ProductCERT and CISA advisory references before making changes.
Defensive priority
Medium: low CVSS, but verify exposure promptly because the issue is network-reachable and affects session integrity in an ICS/OT context.
Recommended defensive actions
- Confirm whether any Siemens RUGGEDCOM APE1808 assets are present and whether they match the Siemens advisory scope.
- Review Siemens ProductCERT advisory SSA-770770 and CISA advisory ICSA-25-044-06 for the authoritative remediation path.
- Restrict access to device management and synchronization channels to trusted endpoints and enforce network segmentation.
- Monitor for abnormal session synchronization traffic and apply CISA ICS recommended practices for OT defense-in-depth.
- If the device is in scope, apply the vendor-provided fix or update guidance after maintenance planning and validation.
Evidence notes
The supplied CISA CSAF source item lists CVE-2025-22251 under ICSA-25-044-06 for Siemens RUGGEDCOM APE1808, and the revision history shows publication on 2025-02-11 with later updates through 2026-03-12. The CVE description states an improper restriction of communication channel to intended endpoints (CWE-923) that may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. The source references Siemens ProductCERT SSA-770770, the CISA ICS advisory, the official CVE record, and CISA ICS guidance. The corpus also contains a product/vendor text mismatch: the product tree says Siemens RUGGEDCOM APE1808, while the vulnerability description and remediation text mention FortiOS/FortiGate and Fortigate NGFW V7.4.7. That discrepancy is important and should be resolved against the official vendor advisory before remediation.
Official resources
-
CVE-2025-22251 CVE record
CVE.org
-
CVE-2025-22251 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by CISA as ICSA-25-044-06 on 2025-02-11 and updated through 2026-03-12. The source record is not listed in CISA KEV. The corpus includes a Siemens product mapping but also FortiOS/FortiGate wording in the vulnerability and fixtext