Vulnerability Details CVE-2025-3288
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2025-3288
-
cpe:2.3:a:rockwellautomation:arena:-
-
cpe:2.3:a:rockwellautomation:arena:10.00.00
-
cpe:2.3:a:rockwellautomation:arena:11.00.00
-
cpe:2.3:a:rockwellautomation:arena:12.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.50.00
-
cpe:2.3:a:rockwellautomation:arena:13.90.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.01
-
cpe:2.3:a:rockwellautomation:arena:14.50.00
-
cpe:2.3:a:rockwellautomation:arena:14.70.00
-
cpe:2.3:a:rockwellautomation:arena:15.00.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.01
-
cpe:2.3:a:rockwellautomation:arena:16.00.00
-
cpe:2.3:a:rockwellautomation:arena:16.00.01
-
cpe:2.3:a:rockwellautomation:arena:16.10.00
-
cpe:2.3:a:rockwellautomation:arena:16.20.00
-
cpe:2.3:a:rockwellautomation:arena:16.20.01
-
cpe:2.3:a:rockwellautomation:arena:16.20.02
-
cpe:2.3:a:rockwellautomation:arena:16.20.03
-
cpe:2.3:a:rockwellautomation:arena:16.20.04
-
cpe:2.3:a:rockwellautomation:arena:16.20.05
-
cpe:2.3:a:rockwellautomation:arena:16.20.06
-
cpe:2.3:a:rockwellautomation:arena:16.20.07
-
cpe:2.3:a:rockwellautomation:arena:16.20.08
-
cpe:2.3:a:rockwellautomation:arena:2.00.00
-
cpe:2.3:a:rockwellautomation:arena:2.50.00
-
cpe:2.3:a:rockwellautomation:arena:3.00.00
-
cpe:2.3:a:rockwellautomation:arena:8.01.00
-
cpe:2.3:a:rockwellautomation:arena:9.00.00