- Description: Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
- Source: PSIRT@rockwellautomation.com
- NVD status: Analyzed
- Products: arena
CVSS 4.0
- Type: Secondary
- Base score: 7.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 7.3
- Impact score: 5.9
- Exploitability score: 1.3
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- PSIRT@rockwellautomation.com
- CWE-121
- Hype score
- Not currently trending
CVE-2025-11918 Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are abl… https://t.co/NGojjgv0L7
@CVEnew
14 Nov 2025
CVE-2025-11918 Rockwell Automation Arena® Stack-Based Buffer Overflow in DOE File Parsing https://t.co/ARnWXnwvya
@VulmonFeeds
14 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F327DD19-3DD7-4E90-8BD2-294B846987DB",
            "versionEndExcluding": "16.20.11",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]