Server-Side Request Forgery in Studio 5000 Simulation Interface by Rockwell Automation
CVE-2025-11696

8.9 HIGH

What is CVE-2025-11696?

A local server-side request forgery (SSRF) issue exists within the Studio 5000 Simulation Interface API. This vulnerability enables any authenticated Windows user on the system to initiate unauthorized outbound SMB requests. By exploiting this flaw, an attacker could retrieve sensitive NTLM hashes, potentially compromising user credentials and overall system security.

Affected Version(s)

Studio 5000® Simulation Interface™ 2.02 and prior

CVSS V4

Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
