PatchSiren cyber security CVE debrief
CVE-2025-5244 Siemens CVE debrief
CVE-2025-5244 appears in Siemens’ SIMATIC S7-1500 advisory published by CISA on 2025-06-10 and last updated on 2026-05-14. The source description characterizes the underlying issue as a GNU Binutils memory-corruption flaw in ld/elf_gc_sweep, with local attack conditions and publicly disclosed exploit information. For the Siemens products in scope, the advisory says no fix is currently available, so risk reduction depends on restricting access to the additional GNU/Linux subsystem and limiting use to trusted sources.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers of the affected Siemens SIMATIC S7-1500 CPU variants, especially teams that manage the additional GNU/Linux subsystem, local shell access, application deployment, or OT/ICS support workflows.
Technical summary
The supplied source describes CVE-2025-5244 as a memory-corruption condition in GNU Binutils up to and including 2.44, specifically in ld's elf_gc_sweep function in bfd/elflink.c. The published CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, which reflects a local attack path (AV:L) requiring low privileges on the device (PR:L) and no user interaction, with low impact to confidentiality, integrity and availability. In the Siemens CSAF advisory context, the affected products are five SIMATIC S7-1500 CPU 1518/1518F MFP variants, and the remediation section states that no fix is currently available for those products.
Defensive priority
High for exposed or operationally accessible deployments; otherwise Medium, because the issue is locally exploitable but currently has no Siemens fix in the supplied advisory.
Recommended defensive actions
- Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources.
- Inventory the affected Siemens SIMATIC S7-1500 CPU variants and confirm whether the additional GNU/Linux subsystem is enabled or reachable.
- Apply Siemens or CISA advisory updates when a vendor fix or further guidance becomes available.
- Limit local administrative access and remove unnecessary shell accounts or workflows on affected devices.
- Review whether GNU Binutils/ld is used in any custom or user-managed workflow on the device and minimize that exposure.
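The last action above asks whether GNU Binutils/ld is present in a user-managed workflow on the device. The following POSIX shell script is an added example (not part of the advisory or of any Siemens or CISA tooling) that a maintainer could run inside the additional GNU/Linux subsystem to find out: it parses the first line of `ld --version`, compares the version numerically against 2.44 (the upper bound the CVE description gives), and reports whether the installed linker falls in the affected range. It assumes the banner follows the usual `GNU ld (GNU Binutils ...) X.Y[.Z]` layout; the function names and the `--check` flag are this example's own.

```shell
#!/bin/sh
# Added example: flag a GNU ld whose version is <= 2.44 (the range named
# in the CVE-2025-5244 description). Not vendor tooling.

# Pull "X.Y" or "X.Y.Z" out of the first line of an ld --version banner.
# Assumption: the version number is the last space-separated token that
# starts with digits, e.g. "GNU ld (GNU Binutils for Debian) 2.42".
ld_version_from_banner() {
  printf '%s\n' "$1" |
    sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# version_le A B: succeed (exit 0) if dotted version A <= B, comparing
# each numeric field; missing trailing fields count as 0 (2.44 == 2.44.0).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0;
      yi = (i <= nb) ? y[i] + 0 : 0;
      if (xi < yi) exit 0;
      if (xi > yi) exit 1;
    }
    exit 0 }'
}

# ld_is_affected BANNER: exit 0 if the banner's version is <= 2.44,
# 1 if it is newer, 2 if no version could be parsed.
ld_is_affected() {
  v=$(ld_version_from_banner "$1")
  [ -n "$v" ] || return 2
  version_le "$v" "2.44"
}

# Check the ld on PATH. Exit 1 when an affected version is found so the
# result can be consumed by an inventory script or a cron job.
check_installed_ld() {
  if ! command -v ld >/dev/null 2>&1; then
    echo "ld: not installed (no Binutils linker exposure on this host)"
    return 0
  fi
  banner=$(ld --version 2>/dev/null | head -n 1)
  if ld_is_affected "$banner"; then
    echo "AFFECTED (<= 2.44): $banner"
    return 1
  fi
  echo "OK: $banner"
  return 0
}

# Run the live check only when invoked with --check, so the functions
# can also be sourced by other scripts.
case "${1:-}" in
  --check) check_installed_ld ;;
esac
```

Run it as `sh check_ld.sh --check`; a non-zero exit means an ld in the affected range was found. The version comparison is numeric field by field, so 2.9 is correctly treated as older than 2.44 (a plain string comparison would get this wrong).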
Evidence notes
This debrief is based on the supplied CISA CSAF source item for ICSA-25-162-05, the Siemens CSAF/HTML advisory references, and the provided CVE description. The source corpus contains both the generic GNU Binutils vulnerability description and Siemens OT product impact metadata; the Siemens advisory context is what drives the affected-product interpretation here. Timing context uses the CVE published date of 2025-06-10 and the latest supplied update date of 2026-05-14. The supplied data shows no KEV listing.
Official resources
- CVE-2025-5244 CVE record (CVE.org)
- CVE-2025-5244 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (Siemens CSAF/HTML advisory references)
The supplied description states that exploit information has been publicly disclosed and may be used. The CVE was published on 2025-06-10 and last updated on 2026-05-14 in the provided timeline. No KEV entry is present in the supplied data.