PatchSiren cyber security CVE debrief
CVE-2025-22252 Siemens CVE debrief
CVE-2025-22252 is a critical authentication-bypass issue published in the CISA/Siemens advisory record on 2025-02-11. The supplied corpus describes a missing authentication for a critical function that can let an attacker who already knows an existing admin account gain valid admin access under a TACACS+ remote-auth configuration that uses ASCII authentication. Because the source corpus also contains conflicting product text and remediation details, defenders should treat the exact affected-platform mapping as requiring validation against the Siemens advisory and product guidance before taking action.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2026-03-12
- Advisory published: 2025-02-11
- Advisory updated: 2026-03-12
Who should care
Security and operations teams responsible for Siemens RUGGEDCOM APE1808, especially administrators who rely on remote TACACS+ for device management authentication. Also relevant to teams that maintain asset inventories, management-plane controls, and identity/authentication dependencies across industrial or remote-managed environments.
Technical summary
The advisory record maps CVE-2025-22252 to a network-reachable authentication bypass with CVSS 3.1 9.8. The corpus describes a missing authentication condition affecting a critical function, with impact that can expose administrative access without the intended authentication controls. The record specifically mentions TACACS+ configured to use a remote TACACS+ server and ASCII authentication as the trigger condition, but the supplied source material also contains inconsistent FortiOS/FortiProxy/FortiSwitchManager language alongside Siemens product metadata, so the affected-product interpretation should be verified directly from the vendor advisory before remediation is applied.
Defensive priority
Immediate. The issue is rated Critical (9.8) and is described as a network-accessible authentication bypass with potential full confidentiality, integrity, and availability impact.
Recommended defensive actions
- Verify the exact affected asset list and configuration against Siemens ProductCERT advisory SSA-770770 and CISA ICSA-25-044-06 before making changes.
- Apply the vendor-provided fix or support guidance for the confirmed affected product as soon as possible.
- Where applicable, replace ASCII-based TACACS+ authentication with an alternate method noted in the corpus such as PAP, MSCHAP, or CHAP.
- Restrict management-plane access and limit who can reach TACACS+ and administrative interfaces until the affected configuration is corrected.
- Review admin account activity, recent logins, and configuration changes for unexpected access, and rotate administrative credentials if exposure is suspected.
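
To confirm which TACACS+ authentication type a device actually negotiates once the configuration is changed, the authen_type field of the authentication START packet can be read from captured management traffic. The sketch below is an added example, not code from Siemens, CISA or this debrief; it assumes the RFC 8907 packet layout and that the defender holds the TACACS+ shared secret, and it uses constructed packets with a hypothetical key (lab-shared-secret).

```python
import hashlib
import struct

AUTHEN_TYPES = {1: "ASCII", 2: "PAP", 3: "CHAP", 5: "MSCHAP", 6: "MSCHAPv2"}
TAC_PLUS_AUTHEN = 0x01    # packet type: authentication
UNENCRYPTED_FLAG = 0x01   # body is sent in the clear when set


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 obfuscation pad: chained MD5 over session_id, key, version, seq_no."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def authen_start_type(packet: bytes, key: bytes):
    """Return (user, authen_type name) for an authentication START, else None."""
    if len(packet) < 12:
        return None
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", packet[:12])
    body = packet[12:12 + length]
    if ptype != TAC_PLUS_AUTHEN or seq_no != 1 or len(body) != length or length < 8:
        return None
    if not flags & UNENCRYPTED_FLAG:
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(a ^ b for a, b in zip(body, pad))
    authen_type, user_len = body[2], body[4]
    user = body[8:8 + user_len].decode("ascii", "replace")
    return user, AUTHEN_TYPES.get(authen_type, f"unknown({authen_type})")


def build_start(user: bytes, authen_type: int, key: bytes, session_id: bytes) -> bytes:
    """Constructed sample START packet for the demo; not captured traffic."""
    version = 0xC0 if authen_type == 1 else 0xC1  # minor version 1 for PAP/CHAP/MSCHAP
    body = bytes([1, 1, authen_type, 1, len(user), 0, 0, 0]) + user
    pad = pseudo_pad(session_id, key, version, 1, len(body))
    header = struct.pack("!BBBB4sI", version, TAC_PLUS_AUTHEN, 1, 0, session_id, len(body))
    return header + bytes(a ^ b for a, b in zip(body, pad))


if __name__ == "__main__":
    key = b"lab-shared-secret"  # hypothetical shared secret
    for t in (1, 2):
        # Any session still reporting ASCII after remediation needs follow-up.
        print(authen_start_type(build_start(b"admin", t, key, b"\x00\x00\x30\x39"), key))
```

A result with an unknown authen_type usually means the wrong shared secret was supplied, since the body then deobfuscates to noise.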
Evidence notes
The supplied source item is CISA CSAF ICSA-25-044-06, published 2025-02-11 and republished by CISA on 2026-03-12. Its revision history shows later additions and a final republication update based on Siemens ProductCERT SSA-770770. The corpus includes Siemens advisory references, but the vulnerability description and remediation text conflict with the Siemens RUGGEDCOM APE1808 product metadata by referring to FortiOS/FortiProxy/FortiSwitchManager and FortiGate NGFW V7.4.7. Because of that inconsistency, the safest defensive reading is to validate the exact product/component from the original vendor advisory before deploying remediation.
Official resources
- CVE-2025-22252 CVE record (CVE.org)
- CVE-2025-22252 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA/Siemens advisory record on 2025-02-11, with a CISA republication update on 2026-03-12. This debrief uses those advisory dates for timing context.