PatchSiren cyber security CVE debrief
CVE-2025-38430 Siemens CVE debrief
CVE-2025-38430 concerns a Linux kernel nfsd check that can examine request state without first confirming the request is an NFSv4 COMPOUND operation. The advisory published by CISA on 2025-06-10, based on Siemens ProductCERT material, maps the issue to several SIMATIC S7-1500 CPU MFP products and states that no fix is currently available. The source CVSS vector is local, low-privilege, no-user-interaction, and availability-only, so the main concern is operational disruption rather than data exposure.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-06-10
- Advisory updated
- 2026-05-14
Who should care
Siemens SIMATIC S7-1500 CPU operators, OT/ICS maintainers, and administrators responsible for the additional GNU/Linux subsystem should review this issue, especially where local shell or application-building access exists for personnel on affected systems.
Technical summary
The vulnerability is described as a Linux kernel nfsd logic flaw in nfsd4_spo_must_allow(): if the request being processed is not a v4 compound request, examining cstate can lead to undefined results. The patch adds a check that the RPC procedure in rq_procinfo is NFSPROC4_COMPOUND before using that state. In the CISA/Siemens advisory corpus, the CVE is associated with five SIMATIC S7-1500 CPU product variants, and the remediation section says no fix is available at this time.
Defensive priority
Medium. The published CVSS score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), which limits exploitability to local access, but the affected Siemens advisory says no fix is available and the impact is availability-focused in an OT environment.
Recommended defensive actions
- Confirm whether any listed SIMATIC S7-1500 CPU product is present and whether the additional GNU/Linux subsystem is enabled or used.
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on affected systems.
- Apply least privilege for local accounts and reduce unnecessary interactive access on the impacted devices.
- Monitor Siemens ProductCERT and CISA advisory updates for any future remediation guidance and follow ICS defense-in-depth practices.
Evidence notes
The CISA CSAF source item for ICSA-25-162-05 and the Siemens ProductCERT advisory references describe the kernel nfsd issue, the affected Siemens product list, and the statement that no fix is currently available. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) supports a local, availability-only risk profile. The CVE record and NVD link are official identifier and database references.
Official resources
-
CVE-2025-38430 CVE record
CVE.org
-
CVE-2025-38430 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by CISA on 2025-06-10 as ICSA-25-162-05, based on Siemens ProductCERT SSA-082556; latest CISA republication update recorded on 2026-05-14.