PatchSiren cyber security CVE debrief

CVE-2025-38498 Siemens CVE debrief

CVE-2025-38498 is a Linux kernel flaw in do_change_type() that was fixed to refuse operations on unmounted or "not ours" mounts. The correction ensures propagation settings can only be changed for mounts in the caller's mount namespace, aligning permission checks with the rest of mount(2). CISA republished Siemens advisory SSA-089022 as ICSA-26-043-06 for affected Siemens industrial products running SINEC OS firmware, and Siemens directs users to update to V3.3 or later where applicable.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-28
Original CVE updated: 2026-02-25
Advisory published: 2026-01-28
Advisory updated: 2026-02-25

Who should care

Siemens industrial network operators, OT/ICS administrators, and incident responders responsible for SINEC OS firmware on affected Siemens devices, including the listed RUGGEDCOM RST2428P and SCALANCE families.

Technical summary

The underlying issue is a Linux kernel mount-namespace permission check problem. According to the source advisory, the fix makes do_change_type() refuse to operate on mounts that are unmounted or outside the caller's mount namespace, preventing propagation-setting changes on mounts the caller does not own. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H, which indicates local access, low attack complexity, low privileges, no user interaction, changed scope, and a primary impact to availability (with a lesser impact to integrity and none to confidentiality).

Defensive priority

High for any affected Siemens SINEC OS deployment; remediate promptly and verify firmware exposure across all listed product families.

Recommended defensive actions

  • Identify whether any Siemens devices in your environment run SINEC OS firmware and map them against the affected product list in ICSA-26-043-06 / SSA-089022.
  • Apply Siemens remediation to V3.3 or later for affected products, following the product-specific guidance in the advisory.
  • Restrict local and administrative access to affected systems until patched, since exploitation requires local access and low privileges per the supplied CVSS vector.
  • Follow CISA ICS recommended practices and defense-in-depth guidance for segmentation, least privilege, and controlled maintenance access in OT environments.

Evidence notes

This debrief is based only on the supplied CISA CSAF item (ICSA-26-043-06), the Siemens SSA-089022 references, and the included CVE description/CVSS vector. The source revision history shows CISA publication on 2026-01-28, additional updates on 2026-02-12 and 2026-02-24, and the latest republication on 2026-02-25. The advisory text also states that only SINEC OS firmware is impacted and that Siemens remediation is to update to V3.3 or later where applicable.

Official resources

Publicly disclosed in CISA CSAF advisory ICSA-26-043-06 on 2026-01-28 and updated through 2026-02-25 based on Siemens ProductCERT SSA-089022.