Improper Resource Locking in B&R Industrial Automation Automation Runtime
CVE-2025-3450

9.3CRITICAL

Key Information:

Vendor: B&r Industrial Automation
Status: Automation Runtime
Vendor: CVE Published:; 7 October 2025

🔔 Create B&r Industrial Automation Vulnerability Alert

What is CVE-2025-3450?

The B&R Industrial Automation Automation Runtime has an improper resource locking vulnerability that could allow unauthorized access or modifications to the resource management system. This issue specifically affects versions of Automation Runtime from 6.0 up to but not including 6.3 and those released prior to Q4.93. Successful exploitation of this vulnerability may lead to potential disruptions in automation processes and compromise system integrity.

Affected Version(s)

Automation Runtime 6.0 < 6.3

Automation Runtime 0

References

https://www.br-automation.com/fileadmin/SA25P002-f6a69e61...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Apr 8, 2025

JSON