Main Vulnerability Database Vulnerabilities #VU109890

Client-Side Enforcement of Server-Side Security in Siemens products - CVE-2025-33024

Published: May 28, 2025

Vulnerability identifier: #VU109890

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-33024

CWE-ID: CWE-602

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Siemens

Affected software:
RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX RX5000

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient server-side validation in the "tcpdump" tool. A remote user can execute arbitrary code with root privileges.

How to mitigate CVE-2025-33024

Install updates from vendor's website.

Sources

https://cert-portal.siemens.com/productcert/html/ssa-301229.html

Client-Side Enforcement of Server-Side Security in Siemens products - CVE-2025-33024

Detailed vulnerability description

How to mitigate CVE-2025-33024

Sources

Please verify you're human