Auth bypass in Rockwell Automation Compactlogix® 5480
CVE-2025-9160
A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution.
Vulnerability class: Broken Authentication
EPSS: 0.002 (8.6th percentile) — read the EPSS interpretation.
Affected products
- Rockwell Automation Compactlogix® 5480 — versions Version 32 - 37.011 w Windows package (2.1.0) Win10 v1607