CVE-2025-7546 Siemens CVE debrief

Who should care

OT/ICS defenders, Siemens SIMATIC S7-1500 CPU operators, and maintenance teams responsible for the affected CPU variants—especially where the additional GNU/Linux subsystem or local application build/run workflows are enabled.

Technical summary

The supplied source set marks CVE-2025-7546 as a local vulnerability with CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (5.3). The CISA CSAF advisory lists five affected Siemens products: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0 and 1AC0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0 and 1AC0), and SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0). The advisory remediation text says there is currently no fix available and recommends limiting access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel and only building/running applications from trusted sources. The source description separately identifies an out-of-bounds write in GNU Binutils 2.45 at bfd_elf_set_group_contents in bfd/elf.c, so the record should be validated against the exact software stack in use.

Defensive priority

Medium. Prioritize this if the listed Siemens CPU family is deployed and local access to the GNU/Linux subsystem or application execution paths is possible, because the issue is locally exploitable, publicly disclosed per source description, and no fix was available in the advisory text.

Recommended defensive actions

• Inventory the listed Siemens SIMATIC S7-1500 CPU variants and confirm whether CVE-2025-7546 applies to your deployed units.
• Restrict access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
• Only build and run applications from trusted sources on affected systems.
• Review local user permissions and OT access controls on impacted devices.
• Monitor Siemens ProductCERT SSA-082556 and the CISA advisory for a vendor fix, then apply it promptly when released.
• Validate whether the GNU Binutils-related description text applies to your environment, given the source mismatch between component narrative and Siemens product metadata.

Evidence notes

The evidence corpus is internally inconsistent. The description field says the problem is in GNU Binutils 2.45, function bfd_elf_set_group_contents in bfd/elf.c, with a publicly disclosed exploit and a patch identified by commit 41461010eb7c79fee7a9d5f6209accdaac66cc6b. However, the CSAF metadata in the same source item maps CVE-2025-7546 to Siemens SIMATIC S7-1500 CPU family products and lists five affected product identifiers, plus remediations stating that no fix is currently available. This debrief preserves both sets of source facts and flags the mismatch as something to verify before taking action.

Official resources