CVE 8.9 HIGH

Studio 5000 ® Simulation Interface SSRF_CVE-2025-11696

November 11, 2025 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

AI Analysis

Local server-side request forgery (SSRF) vulnerability allowing capture of NTLM hashes via outbound SMB requests

Basic Information

ID CVE-2025-11696

Source Rockwell

Published Nov 11, 2025 at 13:47

Affected Product

Vendor Rockwell Automation

Product Studio 5000® Simulation Interface™

Version 2.02 and prior

Affected Versions Rockwell Automation Studio 5000® Simulation Interface™ 2.02 and prior

CWE Classification

CWE-22

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor Rockwell Automation

Product Studio 5000 Simulation Interface

Version 2.02 and prior

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1760.html

{
    "lastseen": "",
    "description": "A local server-side request forgery (SSRF) security issue exists within Studio 5000\u00ae Simulation Interface\u2122 via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.",
    "published": "2025-11-11T13:47:10.872Z",
    "modified": "2025-11-11T13:47:10.872Z",
    "type": "cve",
    "title": "Studio 5000 \u00ae Simulation Interface SSRF",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html",
    "id": "CVE-2025-11696",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Studio 5000\u00ae Simulation Interface\u2122 2.02 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Studio 5000\u00ae Simulation Interface\u2122",
    "version": "2.02 and prior",
    "vendor": "Rockwell Automation",
    "ai_description": "Local server-side request forgery (SSRF) vulnerability allowing capture of NTLM hashes via outbound SMB requests",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "Studio 5000 Simulation Interface",
    "ai_version": "2.02 and prior",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply