PatchSiren cyber security CVE debrief
CVE-2025-4230 Siemens CVE debrief
CVE-2025-4230 is a medium-severity command injection issue disclosed in the CISA/Siemens CSAF advisory on 2025-06-10 and republished on 2026-03-12. The supplied corpus says exploitation requires an authenticated administrator with access to the PAN-OS CLI, and the impact is arbitrary command execution as root. The advisory metadata, however, identifies Siemens RUGGEDCOM APE1808 as the affected product, so defenders should treat the source set as containing a product/description mismatch and verify the exact affected platform before acting.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 6.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-03-12
- Advisory published: 2025-06-10
- Advisory updated: 2026-03-12
Who should care
OT/ICS administrators and security teams responsible for Siemens RUGGEDCOM APE1808, especially environments that grant CLI access to authenticated administrators. Also relevant to teams that manage privileged access controls, vendor advisory tracking, and change control for industrial appliances.
Technical summary
The vulnerability is described as command injection with local attack conditions and high privileges required (CVSS 3.1 vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). In the supplied text, an authenticated administrator with CLI access can bypass system restrictions and run arbitrary commands as root. This is not presented as a remote, unauthenticated flaw; the practical exposure hinges on how broadly administrative CLI access is granted and whether privileged access is tightly controlled.
Defensive priority
Medium priority. Focus first on systems where administrative CLI access is exposed to a broad operator set, shared accounts exist, or privileged access controls are weak.
Recommended defensive actions
- Restrict CLI access to a limited group of trusted administrators.
- Review and remove unnecessary administrative accounts or shared credentials that can reach the CLI.
- Contact Siemens customer support for patch and update guidance for the affected product.
- Apply vendor fixes as soon as they are available, using normal OT change-management procedures.
- Monitor administrative activity for unusual CLI use and investigate unexpected command execution or privilege escalation attempts.
Evidence notes
Source item: CISA CSAF ICSA-25-162-02 (published 2025-06-10; modified 2026-03-12). The revision history shows later republication based on Siemens ProductCERT SSA-513708. The corpus contains an internal inconsistency: the advisory metadata names Siemens RUGGEDCOM APE1808, while the vulnerability description states Palo Alto Networks PAN-OS CLI command injection. This debrief preserves both facts and flags the mismatch for verification.
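The kind of consistency check that surfaces this mismatch, as an added example that is not code from CISA, Siemens or this site: it walks a CSAF 2.0 document and reports every CVE whose notes never name a product listed as known affected. The embedded advisory fragment, its tracking id, product id and note text are constructed for illustration and are not the content of ICSA-25-162-02.

```python
import json

# Constructed CSAF 2.0 fragment (assumption: NOT the real advisory content);
# it reproduces the product/description mismatch described above.
SAMPLE_CSAF = json.loads("""
{"document": {"tracking": {"id": "EXAMPLE-0001"}},
 "product_tree": {"branches": [
   {"category": "vendor", "name": "Siemens", "branches": [
     {"category": "product_name", "name": "RUGGEDCOM APE1808",
      "product": {"product_id": "CSAFPID-0001", "name": "RUGGEDCOM APE1808"}}]}]},
 "vulnerabilities": [
   {"cve": "CVE-2025-4230",
    "notes": [{"category": "description",
               "text": "Command injection in the Palo Alto Networks PAN-OS CLI."}],
    "product_status": {"known_affected": ["CSAFPID-0001"]}}]}
""")


def product_names(tree):
    """Map product_id -> name from full_product_names and nested branches."""
    names = {p["product_id"]: p["name"] for p in tree.get("full_product_names", [])}
    stack = list(tree.get("branches", []))
    while stack:
        branch = stack.pop()
        if "product" in branch:  # leaf branch carrying a product definition
            names[branch["product"]["product_id"]] = branch["product"]["name"]
        stack.extend(branch.get("branches", []))
    return names


def find_mismatches(csaf):
    """Return (cve, product) pairs where no note text mentions the affected product."""
    names = product_names(csaf.get("product_tree", {}))
    findings = []
    for vuln in csaf.get("vulnerabilities", []):
        text = " ".join(n.get("text", "") for n in vuln.get("notes", [])).lower()
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            name = names.get(pid, pid)  # fall back to the raw id if unresolved
            if name.lower() not in text:
                findings.append((vuln.get("cve", "unknown"), name))
    return findings


if __name__ == "__main__":
    for cve, product in find_mismatches(SAMPLE_CSAF):
        print(f"{cve}: notes never mention affected product '{product}'; verify platform")
```

A hit is a prompt for manual verification rather than proof of an error, since a description can legitimately omit the product name.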
Official resources
- CVE-2025-4230 CVE record (CVE.org)
- CVE-2025-4230 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2025-06-10. The supplied source set was republished/updated on 2026-03-12 based on Siemens ProductCERT SSA-513708. No Known Exploited Vulnerabilities (KEV) listing is present in the supplied data.