PatchSiren cyber security CVE debrief
CVE-2025-32825 Siemens CVE debrief
CVE-2025-32825 is a high-severity SQL injection issue affecting Siemens TeleControl Server Basic. According to the CISA/Siemens advisory published on 2025-04-16, an authenticated remote attacker who can reach port 8000 on a vulnerable system may bypass authorization controls, read and write the application database, and potentially execute code as NT AUTHORITY\NetworkService. Siemens and CISA updated the advisory on 2025-05-06 with revision notes limited to typo fixes. The supplied enrichment does not list this CVE in KEV.
- Vendor
- Siemens
- Product
- TeleControl Server Basic
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-16
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-16
- Advisory updated
- 2025-05-06
Who should care
ICS/OT defenders, Siemens TeleControl Server Basic administrators, network/security teams controlling access to port 8000, and incident responders supporting environments where the product is exposed to untrusted or broad network access.
Technical summary
The advisory describes an SQL injection vulnerability in the internally used GetProjects method of Siemens TeleControl Server Basic. The attack requires authentication and network access to port 8000 on a system running a vulnerable version. Successful exploitation can bypass authorization, expose database contents, modify database data, and execute code with NT AUTHORITY\NetworkService permissions. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, scoring 8.8 (HIGH).
Defensive priority
High priority: patch and restrict exposure promptly, especially where port 8000 is reachable beyond tightly controlled trust boundaries.
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Review network segmentation and firewall rules so the product is not reachable from untrusted networks.
- Verify authenticated access paths and remove unnecessary accounts or permissions that could be used against the service.
- Check Siemens and CISA advisory references for product-specific remediation guidance and operational considerations.
Evidence notes
All core facts in this debrief come from the supplied CISA CSAF source item and its embedded Siemens remediation data: the vulnerable component is TeleControl Server Basic, the flaw is SQL injection in GetProjects, exploitation requires authenticated network access to port 8000, impact includes authorization bypass, database read/write, and code execution as NT AUTHORITY\NetworkService, and the remediation is to update to V3.1.2.2 or later and restrict port 8000 to trusted IPs. Publication date used here is 2025-04-16, with a 2025-05-06 revision for typo fixes.
Official resources
-
CVE-2025-32825 CVE record
CVE.org
-
CVE-2025-32825 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by CISA and Siemens on 2025-04-16; revised on 2025-05-06 with typo fixes. No KEV listing is present in the supplied enrichment.