PatchSiren cyber security CVE debrief
CVE-2025-32833 Siemens CVE debrief
CVE-2025-32833 is a high-severity SQL injection vulnerability in Siemens TeleControl Server Basic. According to the CISA CSAF advisory and Siemens security advisory, the flaw affects the internally used UnlockProjectUserRights method and can let an authenticated remote attacker bypass authorization controls, read and write the application database, and execute code as NT AUTHORITY\\NetworkService. The vendor and CISA both note that exploitation requires network access to port 8000 on a vulnerable system.
- Vendor
- Siemens
- Product
- TeleControl Server Basic
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-16
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-16
- Advisory updated
- 2025-05-06
Who should care
OT/ICS defenders, Siemens TeleControl Server Basic administrators, SOC teams monitoring externally reachable industrial services, and vulnerability management teams responsible for Windows-based server applications exposed on port 8000.
Technical summary
The advisory describes an SQL injection condition in TeleControl Server Basic’s UnlockProjectUserRights method. The impact includes authorization bypass, database read/write access, and remote code execution under the NetworkService account. The CVSS vector supplied in the source is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, reflecting that an attacker needs some authenticated access but no user interaction. CISA’s remediation guidance includes restricting port 8000 to trusted IPs and updating to V3.1.2.2 or later.
Defensive priority
High. This is internet-reachable only if port 8000 is exposed, but the impact is severe enough to prioritize rapid patching and access restriction wherever TeleControl Server Basic is deployed.
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Audit deployments to identify any TeleControl Server Basic instances reachable from untrusted networks.
- Review authentication and authorization logs for unusual use of the UnlockProjectUserRights-related workflow.
- Apply standard ICS defense-in-depth controls for segmented network access and least privilege.
Evidence notes
Primary facts come from the CISA CSAF advisory ICSA-25-112-01 and Siemens advisory SSA-443402, both referenced in the source corpus. The supplied source states the vulnerability is SQL injection in UnlockProjectUserRights, that exploitation requires an authenticated remote attacker with access to port 8000, and that the impact includes database access and execution as NT AUTHORITY\\NetworkService. The source revision history shows a 2025-05-06 revision for typo fixes only.
Official resources
-
CVE-2025-32833 CVE record
CVE.org
-
CVE-2025-32833 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published 2025-04-16 UTC; modified 2025-05-06 UTC. The source advisory’s revision history indicates the May 6 update fixed typos only.