PatchSiren cyber security CVE debrief
CVE-2025-38212 Siemens CVE debrief
CVE-2025-38212 is a HIGH-severity use-after-free issue in Linux kernel IPCS lookup handling that Siemens maps to several SIMATIC S7-1500 CPU family products. The supplied advisory says there is currently no fix available, so affected operators should rely on compensating controls and closely track Siemens ProductCERT and CISA updates.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Siemens SIMATIC S7-1500 operators, OT/ICS asset owners, plant engineers, and security teams responsible for the listed CPU models should care, especially where local access to the device or its embedded GNU/Linux subsystem is possible.
Technical summary
The source description says idr_for_each() in shm_destroy_orphaned() was not sufficiently protected by an RCU read-side critical section. That can allow a radix_tree_node to be freed via call_rcu() while iteration continues, creating a use-after-free read condition. The advisory maps the issue to five Siemens SIMATIC S7-1500 CPU variants and reports no available fix in the supplied remediation data.
Defensive priority
High. The advisory is published for affected Siemens OT products, the issue is a memory-safety flaw with high CVSS impact, and the source corpus states there is currently no fix available.
Recommended defensive actions
- Inventory whether any of the affected Siemens CPU models are deployed: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), 6ES7518-4AX00-1AC0, 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), 6ES7518-4FX00-1AC0, or SIPLUS
- Monitor Siemens ProductCERT SSA-082556 and CISA ICSA-25-162-05 for a vendor fix or updated guidance.
- Apply the source-listed compensating control to limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Follow the source-listed guidance to only build and run applications from trusted sources.
- Review local access paths and administrative accounts on affected systems so only necessary, trusted users can reach the device software surface.
- Maintain backups and recovery procedures for affected OT systems so you can respond if instability or memory corruption is observed.
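The inventory step above can be automated against an asset export. The following is an added example, not part of the advisory or any Siemens tooling: it assumes a CSV with hypothetical columns asset_id, model and order_number, uses constructed sample rows, and sends any SIPLUS entry to manual review because the SIPLUS order number is cut off in the list above.

```python
import csv
import io
import re

# Order numbers (MLFBs) exactly as listed on this page. The fifth, SIPLUS
# variant is truncated in the page text, so it is NOT included here.
AFFECTED_MLFBS = {
    "6ES7518-4AX00-1AB0",
    "6ES7518-4AX00-1AC0",
    "6ES7518-4FX00-1AB0",
    "6ES7518-4FX00-1AC0",
}

def normalize_mlfb(raw):
    """Canonicalise an order number: drop spaces, hyphens, dots; uppercase."""
    return re.sub(r"[\s\-.]", "", raw or "").upper()

_AFFECTED_KEYS = {normalize_mlfb(m) for m in AFFECTED_MLFBS}

def classify(row):
    """Return 'affected', 'review' or 'clear' for one inventory row."""
    if normalize_mlfb(row.get("order_number")) in _AFFECTED_KEYS:
        return "affected"
    # Deliberately broad (assumption): the page names a SIPLUS variant but not
    # its order number, so check every SIPLUS entry against SSA-082556 by hand.
    if "SIPLUS" in (row.get("model") or "").upper():
        return "review"
    return "clear"

def scan_inventory(csv_text):
    """Map each classification to the list of asset ids that fall in it."""
    result = {"affected": [], "review": [], "clear": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        result[classify(row)].append(row["asset_id"])
    return result

# Constructed sample inventory (not real plant data; column names assumed).
SAMPLE_INVENTORY = """asset_id,model,order_number
PLC-01,CPU 1518-4 PN/DP MFP,6ES7518-4AX00-1AB0
PLC-02,CPU 1518F-4 PN/DP MFP,6es7 518-4fx00-1ac0
PLC-03,Unlisted controller,CONSTRUCTED-0001
PLC-04,SIPLUS CPU,
PLC-05,CPU 1518-4 PN/DP MFP,6ES75184AX001AC0
"""

if __name__ == "__main__":
    for status, assets in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(assets) or '-'}")
```

Normalizing before comparison catches order numbers entered in lowercase, with a space after the 6ES7 prefix, or without hyphens, which exact string matching would miss.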
Evidence notes
The supplied source corpus ties CVE-2025-38212 to CISA advisory ICSA-25-162-05 and Siemens ProductCERT SSA-082556, with affected products listed in the CSAF product tree for the Siemens SIMATIC S7-1500 CPU family. The technical issue is described as an RCU-related use-after-free in the Linux kernel IPC path, and the remediation section explicitly states that no fix is currently available.
Official resources
- CVE-2025-38212 CVE record (CVE.org)
- CVE-2025-38212 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by CISA on 2025-06-10 and last updated in the supplied source on 2026-05-14. The advisory references Siemens ProductCERT SSA-082556 and, in the supplied remediation data, notes that no fix is currently available.