PatchSiren cyber security CVE debrief
CVE-2025-25248 Siemens CVE debrief
CVE-2025-25248 is a medium-severity availability issue tied to an integer overflow/wraparound in SSL-VPN RDP and VNC bookmark handling. According to the supplied advisory text, an authenticated user may be able to affect SSL-VPN availability via crafted requests. The corpus also shows a metadata inconsistency: the CVE description names FortiOS, FortiProxy, and FortiPAM, while the source item is labeled Siemens RUGGEDCOM APE1808. The debrief below follows the CVE description and remediation fields and flags that mismatch.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2026-02-12
- Advisory published
- 2025-05-13
- Advisory updated
- 2026-02-12
Who should care
Security and operations teams that manage SSL-VPN deployments and bookmark-driven remote-access workflows, especially environments using the affected Fortinet product lines named in the CVE text. Incident responders should also watch for authentication-side availability disruptions.
Technical summary
The advisory describes CWE-190 integer overflow/wraparound in SSL-VPN RDP/VNC bookmark processing. The impact is availability-only: a network-accessible authenticated attacker with low privileges and no user interaction may be able to degrade or disrupt SSL-VPN service. The provided CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RC:R, which aligns with a difficult-but-feasible availability impact rather than code execution or data exposure.
Defensive priority
Medium
Recommended defensive actions
- Apply the vendor remediation listed in the source corpus: update Fortigate NGFW to V7.4.9 or later using the secure update procedure.
- Inventory SSL-VPN exposure and confirm whether RDP and VNC bookmark features are enabled or necessary.
- Monitor authentication and VPN logs for unusual request patterns, repeated failures, or availability degradation affecting SSL-VPN services.
- Follow CISA ICS recommended practices and defense-in-depth guidance for segmentation, least privilege, and service hardening.
- Track the CISA/Siemens advisory revisions for remediation updates before and after deployment.
Evidence notes
The supplied timeline indicates publication on 2025-05-13, with later source revisions on 2025-09-09, 2026-01-22, and 2026-02-12; those are advisory update dates, not the original vulnerability issue date. No KEV listing is present in the provided corpus. The CVSS vector indicates network reachability, high attack complexity, low privileges, no user interaction, and availability impact only. The source corpus contains an internal vendor/product mismatch: the advisory metadata labels Siemens RUGGEDCOM APE1808, while the CVE description and remediation text reference FortiOS/FortiProxy/FortiPAM and Fortigate NGFW.
Official resources
-
CVE-2025-25248 CVE record
CVE.org
-
CVE-2025-25248 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied CISA CSAF source on 2025-05-13 and later republished/updated through 2026-02-12. No KEV entry is present in the provided corpus.