CVE-2025-3198 Siemens CVE debrief

Who should care

Operators and administrators of the affected Siemens SIMATIC S7-1500 CPU 1518/1518F MFP variants, especially environments that expose the additional GNU/Linux subsystem or allow local shell access.

Technical summary

The source corpus describes a memory leak in GNU Binutils' objdump component, in binutils/bucomm.c within the display_info function. Siemens' CSAF advisory maps CVE-2025-3198 to five SIMATIC/SIPLUS S7-1500 CPU product variants. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, which aligns with a local issue that has limited availability impact and no confidentiality or integrity impact in the provided scoring. The advisory notes public exploit disclosure and, for the affected Siemens products, lists no currently available fix.

Defensive priority

Low

Recommended defensive actions

• Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
• Only build and run applications from trusted sources.
• Monitor Siemens ProductCERT and CISA advisory updates for a vendor fix or updated guidance.
• Review local account access on affected systems and remove unnecessary interactive access.
• Treat the issue as a local hardening concern rather than a remote exposure, but still prioritize remediation in environments where untrusted local access is possible.

Evidence notes

This debrief is grounded in the supplied CISA CSAF source item ICSA-25-162-05 and its linked Siemens advisory references. The source publication date is 2025-06-10 and the latest supplied modification date is 2026-05-14; those dates are used only as advisory timing context. The source text explicitly states: GNU Binutils 2.43/2.44, objdump/binutils/bucomm.c display_info, memory leak, local attack path, public exploit disclosure, and 'currently no fix is available' for the affected Siemens products.

Official resources