CVE-2025-2285

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A local code execution issue exists due to an uninitialized pointer, resulting from improper validation of user-supplied data. This allows a threat actor to disclose information and execute arbitrary code on the system. Exploitation occurs when a legitimate user opens a malicious DOE file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-824

Related Identifiers

BDU:2025-04782

CVE-2025-2285

Affected Products

Rockwell Automation Arena

CVE-2025-2285

Weakness Enumeration

Related Identifiers

Affected Products

References · 9