PatchSiren

CVE-2025-38083 Siemens CVE debrief

CVE-2025-38083 is a race condition in the Linux kernel PRIO scheduler path that Siemens and CISA document in advisory ICSA-25-162-05 for affected SIMATIC S7-1500 CPU products. The issue can underflow a parent queue length and therefore create an availability risk. The supplied advisory data states that no fix was available at publication, so exposure reduction depends on access control and trusted-source practices until vendor remediation is available.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

OT and industrial automation teams operating the affected Siemens SIMATIC S7-1500 CPU 1518-4/1518F-4 PN/DP MFP and SIPLUS variants should care, especially in environments that expose or use the additional GNU/Linux subsystem. Security teams responsible for patch tracking, device hardening, and maintenance windows should treat this as an availability issue.

Technical summary

According to the source description, the bug is a race in prio_tune() within the Linux kernel net_sched prio code path. When an SFQ perturb timer fires at the wrong time, one CPU can flush backlog and release the root lock while another CPU rehashes and reduces backlog, allowing the parent's qlen to underflow. The advisory says switching from qdisc_tree_flush_backlog() to qdisc_purge_queue() would avoid the race because packets are purged before the lock is released. The supplied CVSS vector is local, low-privilege, high-complexity, no-user-interaction, and availability-only.
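The accounting error described above, replayed in a simplified userspace C model. This is an added example, not kernel or advisory code: the struct, the helper names, the 32-bit unsigned counter and the sample counts (5 packets queued, 2 dropped by the rehash) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model of qdisc queue-length accounting, not kernel code. */
struct qdisc {
    uint32_t qlen;          /* packets this qdisc believes it holds */
    struct qdisc *parent;   /* NULL at the root */
};

/* Subtract n packets from every ancestor's counter. */
static void tree_reduce(struct qdisc *q, uint32_t n)
{
    for (struct qdisc *p = q->parent; p; p = p->parent)
        p->qlen -= n;       /* unsigned: wraps if n exceeds p->qlen */
}

/* Step 1, under the root lock: detach the child by flush or by purge. */
static void detach_child(struct qdisc *child, int purge)
{
    uint32_t n = child->qlen;
    if (purge)
        child->qlen = 0;    /* purge: child is emptied before the lock is released */
    tree_reduce(child, n);  /* flush and purge both adjust the ancestors */
}

/* Step 2, after the lock is released: the perturb timer rehashes and drops. */
static void rehash_drop(struct qdisc *child, uint32_t want)
{
    uint32_t n = want < child->qlen ? want : child->qlen;
    child->qlen -= n;
    tree_reduce(child, n);  /* second subtraction for packets already counted */
}

/* Replay the interleaving and return the parent's resulting qlen. */
static uint32_t parent_qlen_after(int purge, uint32_t queued, uint32_t dropped)
{
    struct qdisc parent = { queued, NULL };
    struct qdisc child  = { queued, &parent };
    detach_child(&child, purge);
    rehash_drop(&child, dropped);
    return parent.qlen;
}

int main(void)
{
    printf("flush, then rehash: %u\n", (unsigned)parent_qlen_after(0, 5, 2));
    printf("purge, then rehash: %u\n", (unsigned)parent_qlen_after(1, 5, 2));
    return 0;
}
```

In the flush variant the child still holds packets when the timer runs, so the parent is decremented twice for the same packets and wraps; in the purge variant the rehash finds nothing left to drop.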

Defensive priority

Medium priority for affected Siemens OT deployments; prioritize if the embedded GNU/Linux subsystem is enabled or if local shell access is broader than necessary.

Recommended defensive actions

  • Inventory whether any affected Siemens SIMATIC S7-1500 CPU models are deployed: 1518-4 PN/DP MFP, 1518-4 PN/DP MFP (AC0), 1518F-4 PN/DP MFP, 1518F-4 PN/DP MFP (AC0), and SIPLUS 1518-4 PN/DP MFP.
  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only, as stated in the advisory.
  • Only build and run applications from trusted sources on the affected systems, as stated in the advisory.
  • Monitor Siemens ProductCERT and CISA for a fix or updated mitigation guidance, since the supplied advisory states that no fix was available at publication.
  • Apply vendor remediation promptly once released and schedule maintenance to reduce operational risk during updates.
  • Review local privilege boundaries and administrative access paths on the affected devices so that local misuse opportunities are minimized.

Evidence notes

This debrief is based only on the supplied CISA CSAF source item and its referenced Siemens/CISA advisory links. The source identifies the issue as CVE-2025-38083, gives a publication date of 2025-06-10, and shows a latest CISA republication update on 2026-05-14. The source remediation section explicitly says no fix was available at publication and recommends limiting shell access and using trusted sources. The supplied CVSS vector is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, which supports an availability-focused, local-impact assessment.

Official resources

Publicly disclosed in the CISA CSAF advisory ICSA-25-162-05 on 2025-06-10, with the latest CISA republication update recorded on 2026-05-14.