CVE-2025-6376

Severity CVSS v4.0: HIGH
Type: CWE-20 Input Validation
Publication date: 09/07/2025
Last modified: 10/07/2025

Description

A remote code execution security issue exists in Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P.