CVE-2025-3289

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A local code execution issue exists due to a stack-based memory buffer overflow. This is caused by improper validation of user-supplied data. If exploited, it can lead to information disclosure and execution of arbitrary code on the system. Exploitation requires a legitimate user to open a malicious DOE file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

BDU:2025-05157

CVE-2025-3289

Affected Products

Rockwell Automation Arena

CVE-2025-3289

Weakness Enumeration

Related Identifiers

Affected Products

References · 6