PatchSiren cyber security CVE debrief

CVE-2025-6965 Siemens CVE debrief

CVE-2025-6965 is a high-severity issue mapped in CISA's Siemens SIDIS Prime advisory for versions before 4.0.800. The advisory text says SQLite versions before 3.50.2 can reach a condition where aggregate terms exceed the available columns, which may lead to memory corruption. The recommended fix is to upgrade to V4.0.800 or later.

Vendor: Siemens
Product: SIDIS Prime
CVSS: HIGH 7.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-12
Advisory published: 2026-03-10
Advisory updated: 2026-03-12

Who should care

Asset owners, operators, and integrators running Siemens SIDIS Prime below 4.0.800 should treat this as a priority patch. OT/ICS security teams and administrators responsible for systems that depend on the affected SIDIS Prime release should also review exposure and update plans.

Technical summary

CISA's CSAF advisory ICSA-26-071-03 maps CVE-2025-6965 to Siemens SIDIS Prime vers:intdot/<4.0.800. The source description states that SQLite versions before 3.50.2 can encounter a memory-corruption condition when the number of aggregate terms exceeds the number of columns available. The advisory lists CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L with a score of 7.7.

Defensive priority

High

Recommended defensive actions

  • Inventory Siemens SIDIS Prime deployments and confirm whether any instance is below version 4.0.800.
  • Upgrade affected systems to V4.0.800 or later, following Siemens maintenance procedures.
  • Test the update on a representative system before broad deployment to avoid operational disruption.
  • Limit unnecessary network exposure and restrict administrative access to SIDIS Prime systems where possible.
  • Monitor affected hosts for crashes, instability, or other anomalous behavior until remediation is complete.
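
An added example for the inventory step above (not code from the advisory, Siemens or PatchSiren): it parses the advisory's range string vers:intdot/<4.0.800 and flags hosts whose installed version falls inside it, comparing each dotted component numerically. Assumptions: only the single-constraint form shown in the advisory is handled, the hostnames and installed versions are constructed sample data, and collecting versions from SIDIS Prime hosts is outside the example.

```python
import operator

# Comparators a vers constraint may start with; two-character forms are
# listed first so "<=" is matched before "<".
_OPS = {"<=": operator.le, ">=": operator.ge, "!=": operator.ne,
        "<": operator.lt, ">": operator.gt, "=": operator.eq}

def parse_intdot(version):
    """Turn '4.0.800' or 'V4.0.800' into (4, 0, 800)."""
    parts = version.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-integer version: {version!r}")
    return tuple(int(p) for p in parts)

def parse_vers(spec):
    """Parse a single-constraint 'vers:intdot/<op><version>' string."""
    scheme, _, constraint = spec.partition("/")
    if scheme != "vers:intdot" or not constraint or "|" in constraint:
        raise ValueError(f"unsupported range: {spec!r}")
    for symbol, compare in _OPS.items():
        if constraint.startswith(symbol):
            return compare, parse_intdot(constraint[len(symbol):])
    return operator.eq, parse_intdot(constraint)  # bare version means "="

def in_range(spec, version):
    """True if version satisfies the range; short versions are zero-padded."""
    compare, bound = parse_vers(spec)
    v = parse_intdot(version)
    width = max(len(v), len(bound))
    pad = lambda t: t + (0,) * (width - len(t))
    return compare(pad(v), pad(bound))

def affected_hosts(spec, inventory):
    """Return the sorted hostnames whose version is inside the range."""
    return sorted(h for h, ver in inventory.items() if in_range(spec, ver))

AFFECTED = "vers:intdot/<4.0.800"  # range string from ICSA-26-071-03

# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {
    "sidis-lab-01": "4.0.799", "sidis-plant-02": "4.0.800",
    "sidis-plant-03": "V3.12.5", "sidis-plant-04": "4.1",
    "sidis-test-05": "4.0.80", "sidis-plant-06": "4.0.1000",
}

if __name__ == "__main__":
    for host in affected_hosts(AFFECTED, INVENTORY):
        print(f"{host}: {INVENTORY[host]} is below 4.0.800, schedule upgrade")
```

The 4.0.1000 entry is the case a plain string comparison gets wrong: it sorts before 4.0.800 as text but is a later release numerically, so it is not flagged.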

Evidence notes

Primary evidence comes from CISA's republished CSAF advisory ICSA-26-071-03, published 2026-03-10 and updated 2026-03-12 from Siemens ProductCERT advisory SSA-485750. The source corpus ties the CVE to Siemens SIDIS Prime versions below 4.0.800 and recommends upgrading to V4.0.800 or later. The advisory description also includes the SQLite aggregate-term memory-corruption condition and the listed CVSS vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L.

Official resources

Publicly disclosed on 2026-03-10 via CISA ICS Advisory ICSA-26-071-03, with a CISA republication update on 2026-03-12 that incorporated Siemens ProductCERT advisory SSA-485750.