Denial-of-Service Vulnerability in Rockwell Automation Controller
CVE-2025-9166

8.2HIGH

Key Information:

Vendor
CVE Published:
9 September 2025

What is CVE-2025-9166?

A denial-of-service vulnerability has been identified in Rockwell Automation's controllers, where repeated attempts to forward messages can lead to a significant nonrecoverable fault in the system. This could severely disrupt operational continuity and requires immediate attention to mitigate risks associated with service interruptions.

Affected Version(s)

ControlLogix® 5580 Version 35.013

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-9166 : Denial-of-Service Vulnerability in Rockwell Automation Controller