CVE-2025-11918
published 2025-11-14CVE-2025-11918: Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers…
PriorityP340high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
EPSS
0.13%
3.2th percentile
Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability. The specific flaw exists within the
parsing of DOE files. Local attackers are able to exploit this issue to
potentially execute arbitrary code on affected installations of Arena®. Exploiting
the vulnerability requires opening a malicious DOE file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | arena_simulation | — | — |
| rockwellautomation | arena | < 16.20.11 | 16.20.11 |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qwg2-xh56-jqw6: Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability
ghsa_unreviewed·2025-11-14
CVE-2025-11918 [HIGH] CWE-121 GHSA-qwg2-xh56-jqw6: Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability
Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability. The specific flaw exists within the
parsing of DOE files. Local attackers are able to exploit this issue to
potentially execute arbitrary code on affected installations of Arena®. Exploiting
the vulnerability requires opening a malicious DOE file.
CISA ICS
Rockwell Automation Arena Simulation
cisa_ics·2025-11-25·CVSS 7.3
[HIGH] Rockwell Automation Arena Simulation
ICS Advisory
##
Rockwell Automation Arena Simulation
Release DateNovember 25, 2025
Alert CodeICSA-25-329-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Exploitable from a local network
- Vendor: Rockwell Automation
- Equipment: Arena Simulation
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
- Arena Simulation: Version 16.20.10 and prior
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 STACK-BASED BU
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-11-14
Published