cve-2025-40947

CVE-2025-40947 is an authenticated remote command-injection vulnerability affecting Siemens RUGGEDCOM ROX firmware versions before 2.17.1. Discovered in the feature key installation process, the flaw impacts multiple industrial devices including MX5000, RX1400, and RX1500 series. Siemens disclosed the issue on May 12, 2026, with CISA republishing the advisory on May 14. While not a remotely exploitable internet-facing bug, it poses a significant risk in flat or poorly segmented OT networks where an authenticated attacker could gain privileged access. The recommended mitigation is updating to ROX 2.17.1 or later. This tag covers discussions, advisories, and patching guidance for CVE-2025-40947.