CVE-2025-6377

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena® (affected versions not specified)

Description: A security issue allows for remote code execution in Rockwell Automation Arena®. A specially crafted DOE file can cause Arena Simulation to write beyond allocated object boundaries. Exploitation requires user interaction, such as opening a malicious file. Successful exploitation could allow a threat actor to execute arbitrary code on the target system. The software must be running with administrator privileges to achieve the worst-case impact.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.