CVE-2025-11918 PUBLISHED

Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability

Assigner: Rockwell
Reserved: 17.10.2025 Published: 14.11.2025 Updated: 14.11.2025

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor Rockwell Automation
Product Arena® Simulation
Versions Default: unaffected
  • Version Version 16.20.10 and prior is affected

Solutions

Upgrade to version 16.20.11 and later

References

Problem Types

  • CWE-121: Stack-based Buffer Overflow CWE