Cyber Resilience

CVE-2025-41224

High

Published: 08 July 2025

Modified: 15 April 2026
CVSS v4 Score: 7.7 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (35.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-41224 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability. Its CVSS v4 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). The CVE ranks at the 35.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-41224 is a vulnerability in multiple Siemens RUGGEDCOM device models running V5.X firmware, including RMC8388, RMC8388NC, RS416NCv2, RS416PNCv2, RS416Pv2, RS416v2, RS900 (32M), RS900G (32M), RS900GNC(32M), RS900NC(32M), RSG2100 (32M), RSG2100NC(32M), RSG2100P (32M), RSG2100PNC (32M), RSG2288, RSG2288NC, RSG2300, RSG2300NC, RSG2300P, RSG2300PNC, RSG2488, RSG2488NC, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG920PNC, RSL910, RSL910NC, RST2228, RST2228P, RST916C, and RST916P, all versions prior to V5.10.0. The issue stems from improper enforcement of interface access restrictions when switching from management to non-management interface configurations; although the configuration is saved, restrictions are not applied until a system reboot. This flaw is rated 8.8 on the CVSS v3.1 scale (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-693 (Protection Mechanism Failure).

An attacker on an adjacent network (AV:A) with no privileges required (PR:N) can exploit this low-complexity vulnerability (AC:L) without user interaction (UI:N). By leveraging network access and credentials, the attacker can gain unauthorized access to the device via a non-management interface and maintain persistent SSH access until the device is rebooted, potentially leading to high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).

The Siemens product CERT advisory at https://cert-portal.siemens.com/productcert/html/ssa-083019.html provides details on mitigation. Affected devices should be upgraded to V5.10.0 or later firmware versions, where the issue is addressed.
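A triage sketch for the condition described above, added here as an example and not taken from Siemens or from this page's source. It assumes a hypothetical inventory export with `firmware`, `last_boot` and `mgmt_iface_changed` fields (all sample values are constructed) and flags pre-V5.10.0 devices whose management-interface setting changed after the last boot, because on those the saved restriction is not yet enforced.

```python
from datetime import datetime

FIXED = (5, 10, 0)  # first fixed release named on this page (V5.10.0)

def parse_version(text):
    """'V5.9' -> (5, 9, 0). Numeric tuples avoid the string-compare trap
    where '5.10.0' sorts before '5.9.0'."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(device):
    """Classify one inventory record (field names are assumptions)."""
    if parse_version(device["firmware"]) >= FIXED:
        return "fixed"
    changed = device.get("mgmt_iface_changed")
    booted = datetime.fromisoformat(device["last_boot"])
    if changed and datetime.fromisoformat(changed) > booted:
        # Config was saved after the last boot: the running system may
        # still accept logins on the interface that was just restricted.
        return "reboot-then-upgrade"
    return "upgrade"

def report(inventory):
    """Map device name -> triage status."""
    return {d["name"]: triage(d) for d in inventory}

# Constructed sample inventory, not real device data.
INVENTORY = [
    {"name": "sw-a", "model": "RSG2488", "firmware": "V5.9.0",
     "last_boot": "2025-06-01T08:00:00",
     "mgmt_iface_changed": "2025-06-20T14:30:00"},
    {"name": "sw-b", "model": "RS900 (32M)", "firmware": "V5.8.2",
     "last_boot": "2025-07-01T02:00:00",
     "mgmt_iface_changed": "2025-06-20T14:30:00"},
    {"name": "sw-c", "model": "RST2228", "firmware": "V5.10.0",
     "last_boot": "2025-05-01T00:00:00",
     "mgmt_iface_changed": "2025-06-20T14:30:00"},
    {"name": "sw-d", "model": "RSL910", "firmware": "V5.9",
     "last_boot": "2025-05-01T00:00:00"},
]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```
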

EU & UK References

Vulnerability details

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite the configuration being saved. This could allow an attacker with network access and credentials to gain access to the device through a non-management interface and maintain SSH access to the device until reboot.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1133 · External Remote Services · Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
T1021.004 · SSH · Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
Why these techniques?

The vulnerability bypasses interface restrictions, enabling unauthorized persistent SSH access (T1133 External Remote Services, T1021.004 SSH).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8962 · Shared CWE-693
CVE-2024-56181 · Shared CWE-693
CVE-2026-25115 · Shared CWE-693
CVE-2026-0045 · Shared CWE-693
CVE-2025-48602 · Shared CWE-693
CVE-2024-55024 · Shared CWE-693
CVE-2025-49740 · Shared CWE-693
CVE-2026-32202 · Shared CWE-693
CVE-2026-29649 · Shared CWE-693
CVE-2026-21510 · Shared CWE-693

Affected Assets

All
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the vulnerability by requiring timely remediation through firmware upgrades to V5.10.0 or later, as recommended by the vendor advisory.

prevent

Addresses the core protection mechanism failure by enforcing approved authorizations and access restrictions on management versus non-management interfaces.

prevent

Ensures baseline configuration settings for interfaces reflect restrictive access controls, reducing risk of improper enforcement until reboot.

References