PatchSiren cyber security CVE debrief
CVE-2025-30000 Siemens CVE debrief
CVE-2025-30000 affects Siemens License Server (SLS) and can allow a low-privileged attacker to escalate privileges because user permissions are not properly restricted. The issue was published on 2025-04-08 and later revised on 2025-05-06 for typos only. Siemens’ remediation in the supplied advisory is to update to V4.3 or later.
- Vendor: Siemens
- Product: Unknown
- CVSS: MEDIUM 6.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-08
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-08
- Advisory updated: 2025-05-06
Who should care
Administrators and security teams responsible for Siemens License Server (SLS), especially in industrial control or engineering environments where multiple users may share access. Any deployment that relies on SLS access controls should review whether low-privileged users can interact with the affected service.
Technical summary
The supplied advisory describes a permissions-control weakness in Siemens License Server (SLS): the application does not properly restrict user permissions, which could let a low-privileged attacker escalate privileges. The CVSS v3.1 vector is AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H: local access, high attack complexity, low privileges, and user interaction are all required, and the scope is unchanged, but the potential impact is high across confidentiality, integrity, and availability.
Defensive priority
Medium. Patching should be prioritized for exposed or shared SLS installations because the issue can lead to privilege escalation, but the source corpus does not indicate active exploitation or KEV inclusion.
Recommended defensive actions
- Update Siemens License Server (SLS) to V4.3 or later, per the vendor remediation in the advisory.
- Review local access controls and account separation around SLS deployments to reduce the chance that low-privileged users can reach sensitive functions.
- Verify which hosts run the affected product and confirm remediation on all instances, including test or secondary systems.
- Recheck the vendor advisory and CISA notice for any additional product-specific guidance or updates.
- Apply standard industrial-control-system defense-in-depth practices for administrative access, least privilege, and segmentation.
Evidence notes
The source corpus identifies Siemens as the vendor and Siemens License Server (SLS) as the affected product, with advisory ID ICSA-25-100-01. The advisory description states that the application does not properly restrict user permissions and that a low-privileged attacker could escalate privileges. The remediation field recommends updating to V4.3 or later. The CVSS vector supplied with the advisory is CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. The revision history shows the 2025-05-06 change was a typo fix only.
Official resources
- CVE-2025-30000 CVE record (CVE.org)
- CVE-2025-30000 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (Reference; seven entries, link targets not included in the supplied text)
Public advisory published by CISA on 2025-04-08 and revised on 2025-05-06 for typographical corrections only. No KEV listing is present in the supplied corpus.