PatchSiren

CVE-2025-38280 Siemens CVE debrief

CVE-2025-38280 is a Linux kernel BPF/JIT handling issue surfaced in Siemens’s SIMATIC S7-1500 CPU family advisory. The problem can cause the kernel to wrongly accept a program after JIT compilation fails, and later trigger a WARN_ON_ONCE when the program runs. The source advisory rates it HIGH (CVSS 7.8) and lists no fixed version at publication time, so affected operators should treat it as a compensating-control priority.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

OT operators, Siemens SIMATIC S7-1500 owners, embedded Linux administrators, and security teams responsible for industrial control environments where local access to the affected device or subsystem is possible.

Technical summary

The advisory describes a Linux kernel BPF path where fp->jit_requested depends on bpf_jit_enable. When CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 1, the architecture JIT may attempt compilation; if JIT fails (the advisory cites FAULT_INJECTION), the program can be incorrectly treated as valid. When executed, it reaches __bpf_prog_ret0_warn and raises WARN_ON_ONCE(1). The CVSS vector in the source record is local, low complexity, low privileges, no user interaction, with high confidentiality, integrity, and availability impact.

Defensive priority

High

Recommended defensive actions

  • Apply Siemens and CISA guidance for the affected SIMATIC S7-1500 products and track the Siemens ProductCERT advisory for updates.
  • Restrict access to the interactive shell of the affected GNU/Linux subsystem to trusted personnel only, as stated in the source remediation guidance.
  • Only build and run applications from trusted sources on affected systems, as stated in the source remediation guidance.
  • Use compensating controls from CISA industrial control systems recommended practices while no fix is available.
  • Limit local access paths and review whether BPF/JIT-related configuration can be reduced or controlled in the deployed environment, consistent with vendor support guidance.
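
One way to carry out the configuration review in the last item, as an added example that is not code from Siemens, CISA or the kernel project: it compares bpf_jit_enable and CONFIG_BPF_JIT_ALWAYS_ON against the condition in the technical summary and counts kernel log lines naming __bpf_prog_ret0_warn. The script name check.sh, the verdict words and the sample log are constructed, and the readability of these standard Linux paths on the affected subsystem is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Paths are standard Linux locations; whether
# they are readable on a given SIMATIC subsystem is an assumption.

# classify_jit <bpf_jit_enable> <CONFIG_BPF_JIT_ALWAYS_ON: y|n|unknown>
classify_jit() {
    # With JIT_ALWAYS_ON=y the stated condition ("not set") does not apply.
    [ "$2" = y ] && { echo not-matching; return 0; }
    case "$1" in
        0) echo not-matching ;;                      # JIT not requested
        1) if [ "$2" = n ]; then echo matching; else echo review; fi ;;
        *) echo review ;;                            # unreadable or other value
    esac
}

# Echo y, n or unknown for CONFIG_BPF_JIT_ALWAYS_ON in the running kernel.
read_always_on() {
    if [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz 2>/dev/null) || { echo unknown; return 0; }
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cfg=$(cat "/boot/config-$(uname -r)")
    else
        echo unknown; return 0
    fi
    if printf '%s\n' "$cfg" | grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y'; then
        echo y
    else
        echo n
    fi
}

# Count kernel log lines (stdin) that name the warning function.
count_warn_hits() {
    grep -c '__bpf_prog_ret0_warn' || true
}

# Constructed sample log text, for illustration only.
SAMPLE_LOG='usb 1-1: new high-speed USB device
WARNING: CPU: 0 PID: 100 at kernel/bpf/core.c __bpf_prog_ret0_warn+0x0/0x0
eth0: link up'

# Live check: run as "sh check.sh --live" on the Linux subsystem.
if [ "${1:-}" = "--live" ]; then
    jit=$(cat /proc/sys/net/core/bpf_jit_enable 2>/dev/null || echo unknown)
    aon=$(read_always_on)
    echo "bpf_jit_enable=$jit always_on=$aon verdict=$(classify_jit "$jit" "$aon")"
    echo "warn_hits=$(dmesg 2>/dev/null | count_warn_hits)"
fi
```

A "review" verdict means the inputs could not be read or fall outside the two values the summary names, so the result should be confirmed with vendor support before any setting is changed.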

Evidence notes

Timing context is based on the supplied advisory dates, not generation time: first published 2025-06-10 and last updated 2026-05-14. The source item is CISA’s CSAF advisory ICSA-25-162-05, which references Siemens ProductCERT SSA-082556 and lists five affected Siemens SIMATIC S7-1500 CPU family products. The advisory also states that no fix is currently available. KEV is not listed for this CVE in the supplied corpus.

Official resources

Public advisory context: CISA published the CSAF record on 2025-06-10 and updated it again on 2026-05-14. The supplied corpus does not indicate KEV inclusion or known ransomware use.