CPE
Unit 42 and Siemens collaborated to disclose three critical chained zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, CVE-2025-40949) in Siemens ROX II operational technology switches, allowing an attacker to achieve arbitrary file disclosure, privilege escalation to root, and persistent root-level code execution.