Details of VAR-202507-0593

ID

VAR-202507-0593

CVE

CVE-2025-6377

TITLE

Rockwell Automation of Arena Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-008752

DESCRIPTION

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process

Trust: 2.79

sources: NVD: CVE-2025-6377 // JVNDB: JVNDB-2025-008752 // ZDI: ZDI-25-837 // CNVD: CNVD-2025-19254

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19254

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	arena	scope:	lt	version:	16.20.09	Trust: 1.0
vendor:	rockwell automation	model:	arena	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	arena	scope:	eq	version:	16.20.09	Trust: 0.8
vendor:	rockwell automation	model:	arena	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	arena simulation	scope:	-	version:	-	Trust: 0.7
vendor:	rockwell	model:	automation arena	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-25-837 // CNVD: CNVD-2025-19254 // JVNDB: JVNDB-2025-008752 // NVD: CVE-2025-6377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-6377
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2025-6377
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-6377
value:	HIGH
Trust: 0.8
ZDI:	CVE-2025-6377
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-19254
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19254
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-6377
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-6377
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2025-6377
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-25-837 // CNVD: CNVD-2025-19254 // JVNDB: JVNDB-2025-008752 // NVD: CVE-2025-6377 // NVD: CVE-2025-6377

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-008752 // NVD: CVE-2025-6377

PATCH

title:

Rockwell Automation has issued an update to correct this vulnerability.

url:

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html

Trust: 0.7

sources: ZDI: ZDI-25-837

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6377	Trust: 3.9
db:	JVNDB	id:	JVNDB-2025-008752	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-26559	Trust: 0.7
db:	ZDI	id:	ZDI-25-837	Trust: 0.7
db:	CNVD	id:	CNVD-2025-19254	Trust: 0.6

sources: ZDI: ZDI-25-837 // CNVD: CNVD-2025-19254 // JVNDB: JVNDB-2025-008752 // NVD: CVE-2025-6377

REFERENCES

url:	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1729.html	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6377	Trust: 0.8

sources: ZDI: ZDI-25-837 // CNVD: CNVD-2025-19254 // JVNDB: JVNDB-2025-008752 // NVD: CVE-2025-6377

CREDITS

Simon (@esj4y) Janz

Trust: 0.7

sources: ZDI: ZDI-25-837

SOURCES

db:	ZDI	id:	ZDI-25-837
db:	CNVD	id:	CNVD-2025-19254
db:	JVNDB	id:	JVNDB-2025-008752
db:	NVD	id:	CVE-2025-6377

LAST UPDATE DATE

2025-10-17T23:26:35.937000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-25-837	date:	2025-08-13T00:00:00
db:	CNVD	id:	CNVD-2025-19254	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-008752	date:	2025-07-14T06:02:00
db:	NVD	id:	CVE-2025-6377	date:	2025-07-11T18:34:12.230

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-25-837	date:	2025-08-13T00:00:00
db:	CNVD	id:	CNVD-2025-19254	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-008752	date:	2025-07-14T00:00:00
db:	NVD	id:	CVE-2025-6377	date:	2025-07-09T21:15:28.620