PatchSiren cyber security CVE debrief
CVE-2025-23364 Siemens CVE debrief
CVE-2025-23364 affects Siemens TIA Administrator and was published on 2025-07-08 in CISA advisory ICSA-25-191-03. The issue is an improper validation of code-signing certificates, which could let an attacker bypass the check and execute arbitrary code during installations. Siemens and CISA list a vendor fix in version 3.0.6 or later. The supplied CVSS v3.1 vector rates the issue as medium severity (6.2), and the enrichment data does not mark it as CISA KEV-listed.
- Vendor: Siemens
- Product: TIA Administrator
- CVSS: MEDIUM 6.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-08
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-08
Who should care
Organizations that deploy or manage Siemens TIA Administrator, especially teams responsible for software installation, endpoint hardening, and industrial/OT administrative workstations. Security teams should also care because the flaw involves code execution during installation flows, which can affect trusted software deployment processes.
Technical summary
The advisory describes improper validation of code-signing certificates in Siemens TIA Administrator. If the certificate check can be bypassed, an attacker may be able to get arbitrary code executed during installation. The provided CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating a local attack path with integrity impact as the primary concern. The supplier remediation is to update to version 3.0.6 or later.
Defensive priority
Medium. This is a code-execution-related installation trust flaw with integrity impact, but the supplied data does not indicate KEV listing or ransomware association. Prioritize remediation for exposed TIA Administrator deployments and systems used to install or update trusted software.
Recommended defensive actions
- Update Siemens TIA Administrator to version 3.0.6 or later as directed by the vendor advisory.
- Inventory where TIA Administrator is installed so affected endpoints can be patched quickly.
- Restrict local administrative access on systems used for software installation and maintenance.
- Review software deployment and installation controls to ensure certificate validation failures cannot be bypassed silently.
- Monitor Siemens and CISA advisories for any updated guidance or revised remediation details.
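As an added example (not code from the advisory, CISA or Siemens), the PowerShell gate below shows what "cannot be bypassed silently" looks like in practice: it refuses to launch an installer unless the Authenticode signature status is Valid, the signer subject matches an expected publisher, and the signer chain builds with online revocation checking. The expected-subject pattern is a placeholder assumption, and the script is a generic pre-installation check rather than anything specific to the TIA Administrator installer.

```powershell
# Added example: fail-closed pre-installation signature gate.
# The expected publisher subject is a placeholder; replace it with the
# subject your organisation has verified for the vendor's signing cert.
param(
    [Parameter(Mandatory = $true)][string]$InstallerPath,
    [string]$ExpectedSubjectPattern = 'CN=EXPECTED-PUBLISHER-PLACEHOLDER',
    [switch]$Run
)

function Test-InstallerSignature {
    param([string]$Path, [string]$SubjectPattern)

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Any status other than Valid (NotSigned, HashMismatch, NotTrusted,
    # UnknownError, ...) is a refusal. There is no fall-through.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Ok = $false; Reason = "Signature status $($sig.Status): $($sig.StatusMessage)" }
    }

    # A valid signature from the wrong signer is still a refusal.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$SubjectPattern*") {
        return [pscustomobject]@{ Ok = $false; Reason = "Unexpected signer: $subject" }
    }

    # Rebuild the signer chain with online revocation checking so a
    # revoked or untrusted certificate is not accepted on cached trust.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    if (-not $chain.Build($sig.SignerCertificate)) {
        $errs = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        return [pscustomobject]@{ Ok = $false; Reason = "Chain build failed: $errs" }
    }

    return [pscustomobject]@{ Ok = $true; Reason = "Valid signature from $subject" }
}

$result = Test-InstallerSignature -Path $InstallerPath -SubjectPattern $ExpectedSubjectPattern
Write-Host $result.Reason

if (-not $result.Ok) {
    # Surface the refusal and exit non-zero so deployment automation halts
    # instead of continuing past a failed check.
    Write-Warning "Installer refused: $InstallerPath"
    exit 1
}

# Only reached when every check passed; -Run opts in to launching it.
if ($Run) { Start-Process -FilePath $InstallerPath -Wait }
```

Run it without -Run first to review the decision and reason; a non-zero exit is the signal a deployment pipeline should treat as a hard stop.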
Evidence notes
All statements are grounded in the supplied CISA CSAF advisory data for ICSA-25-191-03 and the referenced Siemens advisory. The published/modified date used here is 2025-07-08, matching the supplied CVE and source timeline. The enrichment fields supplied for this record indicate no KEV listing and no known ransomware campaign use.
Official resources
- CVE-2025-23364 CVE record (CVE.org)
- CVE-2025-23364 NVD detail (NVD)
- Source item: cisa_csaf
CISA and Siemens published the advisory on 2025-07-08. The supplied record does not indicate KEV inclusion or ransomware campaign use.