PatchSiren cyber security CVE debrief
CVE-2025-38067 Siemens CVE debrief
CVE-2025-38067 describes a Linux kernel rseq registration flaw that can trigger a segfault when rseq_cs is non-zero. In the supplied Siemens/CISA advisory context, the issue is mapped to specific SIMATIC S7-1500 CPU variants and the advisory lists no fix at the time of publication, only compensating mitigations.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Operators and maintainers of the listed Siemens SIMATIC S7-1500 CPU variants, OT/ICS security teams, and anyone running the additional GNU/Linux subsystem or related software on affected deployments should pay attention.
Technical summary
The source description says the kernel does not currently enforce the documented requirement that user space zero rseq_cs before registration. If a non-zero value is present, return to user space can segfault because the pointer may not reference a valid struct rseq_cs. The advisory notes a kernel-side workaround that clears rseq_cs on registration to avoid crashes while preserving compatibility with older glibc behavior that reuses rseq areas without clearing the field. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with a local availability-impact issue.
Defensive priority
Medium, with higher attention for environments that actually run the affected Siemens product variants.
Recommended defensive actions
- Confirm whether any of the listed affected Siemens SIMATIC S7-1500 CPU variants are deployed in your environment.
- Review Siemens/CISA advisory ICSA-25-162-05 and track for vendor updates, since the supplied advisory lists no fix available.
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on the affected systems.
- Plan compensating controls and maintenance windows around the availability risk rather than assuming a security patch is already available.
Evidence notes
Primary evidence comes from the CISA CSAF source item for ICSA-25-162-05 and its linked Siemens ProductCERT advisory SSA-082556. The source metadata shows publication on 2025-06-10 and a later republication update on 2026-05-14; those later updates should not be treated as the CVE issue date. The advisory content ties CVE-2025-38067 to five Siemens SIMATIC S7-1500 CPU product variants and states 'Currently no fix is available.'
Official resources
-
CVE-2025-38067 CVE record
CVE.org
-
CVE-2025-38067 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied CISA CSAF advisory on 2025-06-10. The source record was later republished/updated on 2026-05-14, but the CVE publication date remains 2025-06-10. The advisory states that no fix was available at the time,并