CISA Releases Critical ICS Advisories for Güralp Seismic Devices and Rockwell VMware Systems

On July 31, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued two significant advisories concerning vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities, found in Güralp seismic monitoring devices and Rockwell Automation systems utilizing VMware infrastructure, pose substantial risks to critical infrastructure sectors worldwide.

Güralp Seismic Monitoring Systems Vulnerability

The first advisory highlights a severe authentication bypass vulnerability in Güralp FMUS Series Seismic Monitoring Devices, affecting all deployed versions globally. This flaw, identified as CVE-2025-8286 and categorized under CWE-306 (Missing Authentication for Critical Function), has been assigned a CVSS v4 score of 9.3 and a CVSS v3 score of 9.8, indicating its critical nature.

Security researcher Souvik Kandar from MicroSec discovered that these devices expose an unauthenticated Telnet-based command line interface accessible remotely with low attack complexity. Exploitation of this vulnerability could allow attackers to alter hardware configurations, manipulate seismic data, or perform factory resets on equipment essential for earthquake detection and industrial safety systems.

The CVSS v4 vector string AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N indicates that the flaw is exploitable over the network, requires no user interaction or privileges, and can lead to high confidentiality, integrity, and availability impacts. Despite CISA’s efforts to coordinate disclosure, Güralp Systems has not responded, leaving users to implement network-level mitigations such as firewall isolation and VPN-secured remote access.
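One way to verify that the firewall isolation and VPN-only access described above actually hold is to audit flow logs for accepted Telnet sessions that reach the devices from anywhere other than the VPN pool. This is an added example, not code from CISA or Güralp. It assumes Telnet on its default TCP port 23, a constructed CSV flow-record layout, and documentation-range addresses standing in for the device subnet and VPN pool.

```python
import ipaddress

# Assumptions (not from the advisory): Telnet on its default TCP port 23,
# documentation-range addresses, and a simple CSV flow-record layout.
TELNET_PORT = 23
DEVICE_NET = ipaddress.ip_network("192.0.2.0/28")            # seismic devices (constructed)
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/29")]  # VPN address pool (constructed)

# Constructed flow records: timestamp,src_ip,dst_ip,dst_port,proto,action
SAMPLE_FLOWS = """\
2025-08-01T09:00:02Z,198.51.100.3,192.0.2.5,23,tcp,ACCEPT
2025-08-01T09:01:17Z,203.0.113.77,192.0.2.5,23,tcp,ACCEPT
2025-08-01T09:01:40Z,203.0.113.77,192.0.2.6,23,tcp,DROP
2025-08-01T09:02:11Z,10.20.30.40,192.0.2.9,23,tcp,ACCEPT
2025-08-01T09:03:00Z,10.20.30.40,192.0.2.9,443,tcp,ACCEPT
2025-08-01T09:04:25Z,203.0.113.77,192.0.2.200,23,tcp,ACCEPT
malformed line
"""

def audit_flows(text):
    """Return (violations, skipped): accepted Telnet flows to devices from
    non-allowlisted sources, and the count of unparseable lines."""
    violations, skipped = [], 0
    for line in text.splitlines():
        fields = line.strip().split(",")
        try:
            ts, src, dst, port, proto, action = fields
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            skipped += 1  # wrong field count, bad address or bad port
            continue
        if proto.lower() != "tcp" or port != TELNET_PORT or dst_ip not in DEVICE_NET:
            continue  # not Telnet to a monitored device
        if action.upper() != "ACCEPT":
            continue  # the firewall blocked it, so isolation held
        if not any(src_ip in net for net in ALLOWED_SOURCES):
            violations.append((ts, src, dst))
    return violations, skipped

if __name__ == "__main__":
    hits, bad = audit_flows(SAMPLE_FLOWS)
    for ts, src, dst in hits:
        print(f"{ts} Telnet reached {dst} from non-VPN source {src}")
    print(f"{len(hits)} violation(s), {bad} unparseable line(s)")
```

Counting unparseable lines separately keeps a logging format change from silently hiding violations.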

Rockwell Automation’s VMware-Based Systems Vulnerabilities

The second advisory addresses vulnerabilities in Rockwell Automation’s Lifecycle Services that utilize VMware infrastructure, including Industrial Data Centers (IDC), VersaVirtual Appliances (VVA), Threat Detection Managed Services (TDMS), and Endpoint Protection Services. Four distinct vulnerabilities have been identified, with CVSS v4 scores reaching 9.4.

Three critical out-of-bounds write vulnerabilities—CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238—result from integer overflow and underflow conditions in VMware’s VMXNET3 virtual network adapter, Virtual Machine Communication Interface (VMCI), and Paravirtualized SCSI (PVSCSI) controller, respectively. Each carries a CVSS v3.1 score of 9.3, indicating that while local access is required, the potential for complete system compromise is high.

Additionally, CVE-2025-41239 represents a CWE-908 (Use of Uninitialized Resource) vulnerability in vSockets that could leak sensitive memory contents, rated 8.2 on CVSS v4. Collectively, these vulnerabilities enable code execution on hypervisor hosts, potentially compromising entire industrial virtualization infrastructures.

Mitigation Measures

CISA emphasizes the immediate implementation of defense-in-depth strategies, as these vulnerabilities affect critical manufacturing sectors globally. Organizations are urged to prioritize network segmentation, ensuring ICS devices remain isolated from internet access and business networks.

For Rockwell systems, users with active managed service contracts will receive direct remediation support, while others should consult Broadcom’s security advisories for VMware patches. As of now, no active exploitation has been reported for the vulnerabilities in either advisory.