Main Vulnerability Database Vulnerabilities #VU109889

#VU109889 Client-Side Enforcement of Server-Side Security in Siemens products - CVE-2025-32469

Published: May 28, 2025

Vulnerability identifier: #VU109889

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-32469

CWE-ID: CWE-602

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX RX5000

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient server-side validation in the "ping" tool. A remote user can execute arbitrary code with root privileges.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/html/ssa-301229.html

#VU109889 Client-Side Enforcement of Server-Side Security in Siemens products - CVE-2025-32469

Description

Remediation

External links

Please verify you're human