PatchSiren

CVE-2025-39929 Siemens CVE debrief

CVE-2025-39929 is a medium-severity Linux kernel issue that Siemens/CISA map to the SIMATIC S7-1500 CPU family. The supplied advisory context points to an smbdirect_recv_io leak in smbd_negotiate() error handling, with an availability impact and no vendor fix available in the cited Siemens advisory at the time of publication. For OT environments, the practical concern is the affected CPU family and any Linux/GNU subsystem exposure, especially where shell access is enabled or applications are sourced from outside trusted channels.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

Siemens SIMATIC S7-1500 CPU 1518-4/1518F-4 PN/DP MFP operators, OT security teams, and integrators responsible for devices that include the affected GNU/Linux subsystem. Also relevant to defenders who manage access to interactive shells on these systems or validate third-party applications running on them.

Technical summary

The source description says the Linux kernel vulnerability is resolved by fixing a smbdirect_recv_io leak in the smbd_negotiate() error path. The advisory context ties CVE-2025-39929 to Siemens SIMATIC S7-1500 CPU family products. The provided CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which indicates local exploitation conditions with high availability impact and no direct confidentiality or integrity impact in the supplied scoring.

Defensive priority

Medium. The issue is locally exploitable and availability-focused, and Siemens’ remediation notes indicate no fix was available in the supplied advisory context, so exposure management matters until an updated vendor fix is available.

Recommended defensive actions

  • Inventory the affected Siemens SIMATIC S7-1500 CPU family models listed in the advisory and confirm whether the GNU/Linux subsystem is enabled or used.
  • Restrict access to any interactive shell on the additional GNU/Linux subsystem to trusted personnel only, as stated in the Siemens remediation guidance.
  • Only build and run applications from trusted sources on affected devices, per the advisory remediation.
  • Track Siemens ProductCERT and CISA republished advisory updates for a fix or additional guidance.
  • Validate operational recovery plans for affected controllers so a local availability issue does not interrupt essential processes.
  • Review least-privilege access controls for engineers and integrators who can reach the affected subsystem.

Evidence notes

The supplied source corpus contains three key evidence points: (1) the CVE description states a Linux kernel smbdirect_recv_io leak in smbd_negotiate() error handling; (2) the Siemens/CISA advisory context applies the CVE to SIMATIC S7-1500 CPU family products; and (3) the remediation section says no fix is currently available and recommends limiting shell access and using only trusted applications. The revision history shows the CVE was initially published on 2025-06-10 and later updated in a CISA republication on 2026-05-14.

Official resources

CVE published 2025-06-10 and last modified 2026-05-14 in the supplied source timeline. The CISA source history shows the advisory was initially published on 2025-06-10, later republished/updated multiple times, with the latest listed CISA/S