Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability_CVE-2025-11918

7.1 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability. The specific flaw exists within the
parsing of DOE files. Local attackers are able to exploit this issue to
potentially execute arbitrary code on affected installations of Arena®. Exploiting
the vulnerability requires opening a malicious DOE file.

Basic Information

ID CVE-2025-11918

Source Rockwell

Published Nov 14, 2025 at 13:28

Modified Nov 14, 2025 at 15:44

Affected Product

Vendor Rockwell Automation

Product Arena® Simulation

Version Version 16.20.10 and prior

Affected Versions Rockwell Automation Arena® Simulation Version 16.20.10 and prior

CWE Classification

CWE-121

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1763.html

{
    "lastseen": "",
    "description": "Rockwell Automation Arena\u00ae suffers from a\nstack-based buffer overflow vulnerability. The specific flaw exists within the\nparsing of DOE files. Local attackers are able to exploit this issue to\npotentially execute arbitrary code on affected installations of Arena\u00ae. Exploiting\nthe vulnerability requires opening a malicious DOE file.",
    "published": "2025-11-14T13:28:39.453Z",
    "modified": "2025-11-14T15:44:16.712Z",
    "type": "cve",
    "title": "Rockwell Automation Arena\u00ae Simulation Stack-Based Buffer Overflow Vulnerability",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1763.html",
    "id": "CVE-2025-11918",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation Arena\u00ae Simulation Version 16.20.10 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Arena\u00ae Simulation",
    "version": "Version 16.20.10 and prior",
    "vendor": "Rockwell Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}