PatchSiren cyber security CVE debrief
CVE-2025-25266 Siemens CVE debrief
CVE-2025-25266 is a medium-severity access-control issue in Siemens Tecnomatix Plant Simulation that can allow unauthorized file deletion. CISA’s advisory describes the problem as insufficient restriction on file deletion functionality, which could lead to data loss or modification of system files. Siemens and CISA list fixed versions for both affected release trains.
- Vendor: Siemens
- Product: Tecnomatix Plant Simulation V2302
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Administrators and engineers responsible for Siemens Tecnomatix Plant Simulation V2302 or V2404, as well as OT/ICS security teams, endpoint administrators, and vulnerability management teams that support engineering workstations or other systems running the application.
Technical summary
The advisory states that the application does not properly restrict access to file deletion functionality. The CVSS vector provided by the source is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L: a local attack vector (AV:L) that requires neither privileges (PR:N) nor user interaction (UI:N), with high integrity impact (I:H), low availability impact (A:L) and no confidentiality impact (C:N). The primary impact is therefore integrity loss through unauthorized deletion of files, with potential secondary availability impact. The source corpus does not indicate public exploitation or KEV listing.
Defensive priority
Medium. Patch promptly on any system running the affected product, especially shared engineering workstations or environments where local access is not tightly controlled.
Recommended defensive actions
- Update Siemens Tecnomatix Plant Simulation V2302 to V2302.0021 or later.
- Update Siemens Tecnomatix Plant Simulation V2404 to V2404.0010 or later.
- Inventory systems to confirm whether V2302 or V2404 is installed before scheduling remediation.
- Restrict local access to affected systems and follow least-privilege practices for users who do not need file-management capabilities.
- Use defense-in-depth controls recommended for industrial control environments, including backup and recovery planning and integrity monitoring where appropriate.
- Review access controls and administrative separation on engineering workstations and other shared endpoints that may run the application.
Evidence notes
The vulnerability description, affected products, CVSS vector, publication date, modification date, and remediation versions are taken from the supplied CISA CSAF source item for ICSA-25-072-08 and its linked Siemens advisory references. The advisory was published on 2025-03-11 and revised on 2025-05-06 for typo fixes only. The corpus shows no KEV listing and no known ransomware campaign use.
Official resources
- CVE-2025-25266 CVE record (CVE.org)
- CVE-2025-25266 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA advisory ICSA-25-072-08 on 2025-03-11, with a later non-substantive revision on 2025-05-06. Siemens advisory SSA-507653 is referenced by the source corpus.