Local Code Execution Vulnerability in Rockwell Automation Arena
CVE-2025-3288

8.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Arena®
Vendor: CVE Published:; 8 April 2025

Summary

A local code execution vulnerability in Rockwell Automation's Arena arises from inadequate validation of user-inputted data. This flaw allows a threat actor with legitimate user access to open a malicious DOE file, resulting in the potential disclosure of sensitive information and execution of arbitrary code within the system. Proper security measures and validation processes are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

Arena® 16.20.08 and earlier

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 4, 2025