Description

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

INFO

Published Date :

2025-07-09T20:12:47.647Z

Last Modified :

2025-07-09T20:39:10.481Z

Source :

Rockwell
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6377 vulnerability.

Vendors Products
Rockwellautomation
  • Arena
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6377.

URL Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact