CVE-2025-2287

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A local code execution issue exists due to an uninitialized pointer, resulting from improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system by opening a malicious DOE file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-824

Related Identifiers

BDU:2025-04779

CVE-2025-2287

Affected Products

Rockwell Automation Arena

CVE-2025-2287

Weakness Enumeration

Related Identifiers

Affected Products

References · 8