PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-29999 Siemens CVE debrief

CVE-2025-29999 affects Siemens License Server (SLS). According to the advisory, the application searches for executable files in its application folder without proper validation. In a successful abuse scenario, an attacker who can place a malicious executable in that same directory may achieve arbitrary code execution with administrative privileges on the affected system. Siemens lists an update to V4.3 or later as the fix.

Vendor: Siemens
Product: Unknown
CVSS: MEDIUM 6.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-08
Original CVE updated: 2025-05-06
Advisory published: 2025-04-08
Advisory updated: 2025-05-06

Who should care

Organizations running Siemens License Server (SLS), especially administrators responsible for Windows hosts in operational technology or industrial environments. Also relevant to security teams enforcing least privilege and write-access controls on application directories.

Technical summary

The advisory describes a directory-validation weakness in Siemens License Server (SLS): the software searches for executables in its application folder without proper validation. If an attacker can place a malicious executable in that directory, the application may run it with administrative privileges. The CVSS vector provided by the source is AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H: exploitation requires local access, high attack complexity, low privileges and user interaction, and the scope is unchanged, but a successful attack has a high impact on confidentiality, integrity and availability.

Defensive priority

Medium-to-high priority for affected deployments. The issue is rated CVSS 6.7 (Medium), but the potential outcome is administrative code execution on the SLS host, so upgrading should be prioritized.

Recommended defensive actions

  • Update Siemens License Server (SLS) to V4.3 or later.
  • Restrict write access to the application folder so only trusted administrators and service accounts can modify it.
  • Review the SLS host for unexpected executables or recent file changes in the application directory.
  • Limit local access and enforce least privilege on systems running SLS.
  • Use application control or allowlisting where appropriate to reduce the risk of unintended executable launch.
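As an added example (not from the advisory or from Siemens), the PowerShell audit below performs the write-access and recent-file checks from the list above on a single SLS host. The folder path and the set of trusted principals are assumptions; adjust them to the actual installation.

```powershell
# Added audit script (not from Siemens or the advisory). Flags write-capable ACEs on
# the SLS application folder held by principals outside a trusted set, and lists
# executables changed recently together with their Authenticode signature status.
param(
    [string]$AppFolder = 'C:\Program Files\Siemens\LicenseServer',  # ASSUMED path
    [int]$DaysBack = 30
)

# Principals expected to hold write/modify rights on a Program Files subfolder.
$TrustedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                       'NT SERVICE\TrustedInstaller')

# Rights that let a principal add, replace or remove files in the folder.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
    'WriteAttributes, WriteExtendedAttributes, ChangePermissions, TakeOwnership')
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$acl = Get-Acl -LiteralPath $AppFolder
$writeAces = foreach ($ace in $acl.Access) {
    # Only Allow ACEs that apply to the folder itself matter; InheritOnly ACEs
    # (e.g. CREATOR OWNER on subfolders/files) grant nothing on the folder.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.PropagationFlags -band $InheritOnly) -ne 0) { continue }
    if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
    if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
        [pscustomobject]@{ Principal = $ace.IdentityReference.Value
                           Rights    = $ace.FileSystemRights
                           Inherited = $ace.IsInherited }
    }
}

# Executables written recently; an unsigned or hash-mismatched binary in the
# application folder is exactly the artifact the advisory's scenario would leave.
$cutoff = (Get-Date).AddDays(-$DaysBack)
$recentExes = Get-ChildItem -LiteralPath $AppFolder -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' -and $_.LastWriteTime -gt $cutoff } |
    Select-Object FullName, LastWriteTime,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }

if ($writeAces) {
    Write-Warning "Principals outside the trusted set can write to $AppFolder"
    $writeAces | Format-Table -AutoSize
} else {
    "No unexpected write access on $AppFolder"
}
"Executables (.exe/.dll) changed since $($cutoff.ToString('yyyy-MM-dd')):"
$recentExes | Format-Table -AutoSize
```

Run it from an elevated session so that Get-Acl can read the folder's security descriptor; a non-empty first table means the write-access restriction in the list above has not been applied.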

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-100-01 and Siemens advisory references for Siemens License Server (SLS). The source description states that improper validation of executable files in the application folder could allow arbitrary code execution with administrative privileges. The source revision history shows the 2025-05-06 update was a typo-fix revision, not a new disclosure date.

Official resources

Publicly disclosed on 2025-04-08 in CISA advisory ICSA-25-100-01. The source advisory was revised on 2025-05-06 for typo fixes only.