PatchSiren cyber security CVE debrief
CVE-2025-54821 Siemens CVE debrief
The supplied CISA/Siemens advisory for CVE-2025-54821 describes an improper privilege management issue in which an authenticated administrator may bypass trusted-host policy through a crafted CLI command. The advisory metadata maps the issue to Siemens RUGGEDCOM APE1808, but the CVE description text in the supplied corpus names Fortinet FortiOS/FortiPAM/FortiProxy versions, so asset owners should validate applicability against the Siemens advisory before acting.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2026-02-12
- Advisory published
- 2025-05-13
- Advisory updated
- 2026-02-12
Who should care
OT/ICS operators using Siemens RUGGEDCOM APE1808, security teams that manage administrator CLI access or trusted-host allowlists, and vulnerability managers validating whether this CVE maps to their fleet. Because the supplied corpus contains a Siemens/Fortinet product-description mismatch, change teams should confirm exposure before prioritizing remediation.
Technical summary
CWE-269 improper privilege management. The supplied CVSS 3.1 vector (AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N) indicates local access, high attack complexity, and high privileges are required, with limited integrity impact and no confidentiality or availability impact in the vector. The described abuse path is a crafted CLI command that bypasses trusted-host policy.
Defensive priority
Low, with targeted validation in environments that depend on trusted-host restrictions.
Recommended defensive actions
- Confirm whether Siemens RUGGEDCOM APE1808 is deployed and whether the CISA/Siemens advisory applies to your assets.
- Contact Siemens customer support for patch and update information, as the advisory directs.
- Restrict and review administrator CLI access, especially for accounts that can change trusted-host settings.
- Audit trusted-host configuration and administrative authentication logs for unexpected changes or policy bypass attempts.
- Apply vendor remediation promptly when available and track the Siemens/CISA advisory for updates.
Evidence notes
The source item is CISA CSAF ICSA-25-135-01 republished from Siemens ProductCERT SSA-864900. Its revision history shows initial publication on 2025-05-13 and later updates, including a CISA republication update on 2026-02-12. The metadata identifies Siemens RUGGEDCOM APE1808 as the affected product and links to Siemens and CISA advisories, while the CVE description text in the supplied corpus refers to Fortinet FortiOS/FortiPAM/FortiProxy versions. This debrief follows the supplied corpus and flags the product-text mismatch for validation.
Official resources
-
CVE-2025-54821 CVE record
CVE.org
-
CVE-2025-54821 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory on 2025-05-13; CISA republished/updated the advisory on 2026-02-12. Use the advisory dates for timeline context rather than the later republication date.