CVE-2025-41224
Published: 08 July 2025
Summary
CVE-2025-41224 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). The CVE ranks at the 35.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-41224 is a vulnerability in multiple Siemens RUGGEDCOM device models running V5.X firmware, including RMC8388, RMC8388NC, RS416NCv2, RS416PNCv2, RS416Pv2, RS416v2, RS900 (32M), RS900G (32M), RS900GNC(32M), RS900NC(32M), RSG2100 (32M), RSG2100NC(32M), RSG2100P (32M), RSG2100PNC (32M), RSG2288, RSG2288NC, RSG2300, RSG2300NC, RSG2300P, RSG2300PNC, RSG2488, RSG2488NC, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG920PNC, RSL910, RSL910NC, RST2228, RST2228P, RST916C, and RST916P, all versions prior to V5.10.0. The issue stems from improper enforcement of interface access restrictions when switching from management to non-management interface configurations; although the configuration is saved, restrictions are not applied until a system reboot. This flaw is rated 8.8 on the CVSS v3.1 scale (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-693 (Protection Mechanism Failure).
An attacker on an adjacent network (AV:A) with no privileges required (PR:N) can exploit this low-complexity vulnerability (AC:L) without user interaction (UI:N). By leveraging network access and credentials, the attacker can gain unauthorized access to the device via a non-management interface and maintain persistent SSH access until the device is rebooted, potentially leading to high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).
The Siemens product CERT advisory at https://cert-portal.siemens.com/productcert/html/ssa-083019.html provides details on mitigation. Affected devices should be upgraded to V5.10.0 or later firmware versions, where the issue is addressed.
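The check below is an added example, not code from Siemens or from this page: it triages an inventory for this CVE by comparing firmware against V5.10.0 and flagging devices where a management-to-non-management interface change was saved after the last boot, which is the window in which the restriction is not enforced. The record fields (`firmware`, `last_boot`, `mgmt_to_non_mgmt_change`) and the sample devices are assumptions constructed for illustration, and the inventory is assumed to be already filtered to the affected models.

```python
import re
from datetime import datetime

FIXED = (5, 10, 0)  # first fixed firmware named on the page: V5.10.0

def parse_version(text):
    """'V5.9.1' -> (5, 9, 1). Numeric tuples avoid the string-compare trap
    where '5.9' sorts after '5.10'."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(device):
    """Return (status, reason) for one inventory record (hypothetical fields)."""
    try:
        version = parse_version(device["firmware"])
    except ValueError as exc:
        return "unknown", str(exc)
    if version >= FIXED:
        return "fixed", "firmware is V5.10.0 or later"
    changed = device.get("mgmt_to_non_mgmt_change")
    if changed and datetime.fromisoformat(changed) > datetime.fromisoformat(device["last_boot"]):
        # Saved after the last boot: per the page, not enforced until reboot.
        return "unenforced", "interface restriction saved but not applied since last boot"
    return "vulnerable", "firmware below V5.10.0; upgrade"

# Constructed sample inventory, already filtered to models listed on the page.
INVENTORY = [
    {"name": "sw-a", "firmware": "V5.9.1", "last_boot": "2025-06-01T00:00:00",
     "mgmt_to_non_mgmt_change": "2025-06-15T10:30:00"},
    {"name": "sw-b", "firmware": "V5.9.1", "last_boot": "2025-06-20T00:00:00",
     "mgmt_to_non_mgmt_change": "2025-06-15T10:30:00"},
    {"name": "sw-c", "firmware": "V5.10.0", "last_boot": "2025-06-01T00:00:00",
     "mgmt_to_non_mgmt_change": "2025-06-15T10:30:00"},
    {"name": "sw-d", "firmware": "n/a", "last_boot": "2025-06-01T00:00:00",
     "mgmt_to_non_mgmt_change": None},
]

def report(inventory):
    """Map device name -> triage status."""
    return {d["name"]: triage(d)[0] for d in inventory}

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], *triage(dev))
```

Devices reported as `unenforced` are the ones where the saved configuration and the running access policy currently disagree.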
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20424
Vulnerability details
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite the configuration being saved. This could allow an attacker with network access and credentials to gain access to the device through a non-management interface and maintain SSH access to the device until reboot.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability bypasses interface restrictions enabling unauthorized persistent SSH access (T1133 External Remote Services, T1021.004 SSH).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the vulnerability by requiring timely remediation through firmware upgrades to V5.10.0 or later, as recommended by the vendor advisory.
Addresses the core protection mechanism failure by enforcing approved authorizations and access restrictions on management versus non-management interfaces.
Ensures baseline configuration settings for interfaces reflect restrictive access controls, reducing risk of improper enforcement until reboot.