PatchSiren

CVE-2025-69277 Siemens CVE debrief

CVE-2025-69277 is a medium-severity flaw in Siemens SIDIS Prime versions before 4.0.800. In atypical custom-cryptography or untrusted-input scenarios, an embedded libsodium validation check can sometimes accept elliptic-curve points that should not be treated as valid.

Vendor: Siemens
Product: SIDIS Prime
CVSS: MEDIUM 4.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-12
Advisory published: 2026-03-10
Advisory updated: 2026-03-12

Who should care

Siemens SIDIS Prime operators, OT security teams, and developers or integrators who use the affected crypto validation path with custom cryptography or untrusted data.

Technical summary

The supplied CISA CSAF advisory (ICSA-26-071-03) and Siemens ProductCERT material describe an issue in the libsodium function crypto_core_ed25519_is_valid_point, present in libsodium before ad3004e. In the SIDIS Prime context, the validation logic can mishandle certain elliptic-curve point checks and sometimes allow points outside the intended cryptographic group. The vendor remediation is to update to V4.0.800 or later. The supplied CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N with a score of 4.5.

Defensive priority

Medium — prioritize patching for any SIDIS Prime deployment below V4.0.800, especially where custom cryptography or untrusted inputs can reach the affected validation routine.

Recommended defensive actions

  • Update Siemens SIDIS Prime to V4.0.800 or later.
  • Review any custom cryptography or integration code that calls the affected libsodium validation routine with untrusted input.
  • Confirm whether deployed configurations actually exercise the affected path and document the exposure assessment.
  • Track Siemens and CISA advisories for any follow-on guidance and verify patch status across OT assets.

Evidence notes

Timing context in the supplied record shows publication on 2026-03-10 and modification/republication on 2026-03-12. The CISA CSAF source ties CVE-2025-69277 to Siemens SIDIS Prime and points to Siemens ProductCERT advisory SSA-485750. The only remediation listed in the corpus is to update to V4.0.800 or later.

Official resources

Publicly disclosed through CISA CSAF advisory ICSA-26-071-03 on 2026-03-10, with CISA republication of Siemens ProductCERT advisory material on 2026-03-12.