PatchSiren cyber security CVE debrief
CVE-2025-57740 Siemens CVE debrief
CVE-2025-57740 is a HIGH-severity heap-based buffer overflow reported in an RDP bookmark connection path. The advisory text says an authenticated user may be able to execute unauthorized code via crafted requests. The published CVSS v3.1 score is 7.5, reflecting a network-reachable issue with high attack complexity, low privileges required, and high impact on confidentiality, integrity, and availability.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2026-02-12
- Advisory published: 2025-05-13
- Advisory updated: 2026-02-12
Who should care
Teams responsible for the affected products named in the advisory text, especially administrators of FortiOS, FortiPAM, and FortiProxy deployments that use RDP bookmark functionality. OT and security teams ingesting the CISA/Siemens advisory should also review it because the source CSAF product tree maps the issue to Siemens RUGGEDCOM APE1808.
Technical summary
The source corpus describes a CWE-122 heap-based buffer overflow in an RDP bookmark connection workflow. An authenticated attacker who can reach the affected functionality may be able to send crafted requests that trigger unauthorized code execution. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, consistent with a remotely reachable issue that requires low privileges (PR:L) and has high attack complexity (AC:H).
Defensive priority
High — validate applicability quickly and prioritize remediation on any exposed or privileged management path that matches the advisory.
Recommended defensive actions
- Verify applicability carefully before remediation, because the advisory data is internally inconsistent: the product tree names Siemens RUGGEDCOM APE1808, while the vulnerability text and remediation refer to Fortinet-br
- Apply the vendor remediation stated in the source advisory: update FortiGate NGFW to V7.4.9 or later, following the secure update recommendation procedure, and use the vendor’s guidance for any other affected product if/
- Restrict and monitor access to RDP bookmark and other administrative interfaces using least privilege, strong authentication, and network segmentation.
- Review logs and alerts for unusual or malformed requests targeting bookmark-related services, especially activity from authenticated accounts with access to management functions.
- Use CISA ICS recommended practices and defense-in-depth guidance to reduce exposure of critical management services and limit the blast radius of a successful compromise.
Evidence notes
The primary source is CISA’s CSAF republication for ICSA-25-135-01, which has publishedAt 2025-05-13T00:00:00Z and modifiedAt 2026-02-12T07:00:00Z. The revision history shows CVE-2025-57740 was added on 2025-11-11 and the latest update is a CISA republication based on Siemens ProductCERT SSA-864900. Important data-quality issue: the advisory metadata maps the affected product to Siemens RUGGEDCOM APE1808, but the vulnerability description and remediation text name FortiOS, FortiPAM, FortiProxy, and FortiGate NGFW. Treat product applicability as needing manual verification before action.
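The product-tree mismatch described above can be checked mechanically before anyone acts on an advisory. The following is an added example, not code from PatchSiren, CISA, or Siemens; the sample document is constructed in the CSAF 2.0 layout (the product_id is a placeholder) and the watchlist of names is an assumption.

```python
import re

# Constructed, minimal CSAF 2.0-shaped document. Product names come from this
# page; the product_id and the wording are NOT copied from the real advisory.
SAMPLE_CSAF = {
    "product_tree": {"branches": [{
        "category": "vendor", "name": "Siemens",
        "branches": [{
            "category": "product_name", "name": "RUGGEDCOM APE1808",
            "product": {"product_id": "CSAFPID-0001", "name": "RUGGEDCOM APE1808"},
        }],
    }]},
    "vulnerabilities": [{
        "cve": "CVE-2025-57740",
        "notes": [{"category": "summary",
                   "text": "A heap-based buffer overflow in FortiOS, FortiPAM and "
                           "FortiProxy RDP bookmark connection."}],
        "remediations": [{"category": "vendor_fix",
                          "details": "Update FortiGate NGFW to V7.4.9 or later.",
                          "product_ids": ["CSAFPID-0001"]}],
    }],
}

# Names to look for in free text (assumption: a watchlist you maintain yourself).
WATCHLIST = ["FortiOS", "FortiPAM", "FortiProxy", "FortiGate", "RUGGEDCOM"]

def tree_names(branches):
    """Yield every branch and product name in a (nested) CSAF product tree."""
    for b in branches:
        yield b.get("name", "")
        if "product" in b:
            yield b["product"].get("name", "")
        yield from tree_names(b.get("branches", []))

def mismatches(doc, watchlist=WATCHLIST):
    """Map CVE -> watchlist names found in its text but absent from the product tree."""
    tree_text = " ".join(tree_names(doc["product_tree"].get("branches", []))).lower()
    out = {}
    for v in doc.get("vulnerabilities", []):
        text = " ".join([n.get("text", "") for n in v.get("notes", [])] +
                        [r.get("details", "") for r in v.get("remediations", [])])
        found = [w for w in watchlist
                 if re.search(rf"\b{re.escape(w)}\b", text, re.I)
                 and w.lower() not in tree_text]
        if found:
            out[v.get("cve", "?")] = found
    return out

print(mismatches(SAMPLE_CSAF))
```

A non-empty result means the vulnerability text or remediation names products the advisory's own product tree does not list, so the entry should go to manual applicability review rather than automated ticketing.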
Official resources
- CVE-2025-57740 CVE record (CVE.org)
- CVE-2025-57740 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly published by CISA on 2025-05-13, with the latest source modification on 2026-02-12. The advisory revision history shows CVE-2025-57740 was introduced in the 2025-11-11 additional release, and the latest republication cites Siemens/