Buffer overflow in Rockwell Automation Arena® Simulation
CVE-2025-11918
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (percentile: 3.2)
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Rockwell Automation Arena® Simulation: Version 16.20.10 and prior
- Rockwellautomation Arena
Weakness classification (CWE)
References
- PSIRT@rockwellautomation.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2025-11918?
- CVE-2025-11918 is a high-severity vulnerability in Rockwell Automation Arena® Simulation, classified under Stack-based Buffer Overflow. CVSS score: 7.3/10. Published 2025-11-14.
- How severe is CVE-2025-11918?
- High severity. CVSS v3 base score is 7.3 out of 10.