CVE-2025-2288

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A local code execution issue exists due to a threat actor being able to write outside of the allocated memory buffer. This is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the issue, a legitimate user must open a malicious DOE file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.