CVE-2025-11918 | THREATINT

Description

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

PUBLISHED Reserved 2025-10-17 | Published 2025-11-14 | Updated 2025-11-14 | Assigner Rockwell

HIGH: 7.1CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121: Stack-based Buffer Overflow

Product status

Default status

unaffected

Version 16.20.10 and prior

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1763.html

cve.org (CVE-2025-11918)

nvd.nist.gov (CVE-2025-11918)

Download JSON