CVE-2025-6377 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2025-6377?

CVE-2025-6377 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-6377?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Arena.

Vulnerability Description

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Arena	< 16.20.09

Related Weaknesses (CWE)

CWE-20 CWE-787

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisoVendor Advisory

FAQ

What is CVE-2025-6377?

CVE-2025-6377 is a vulnerability with a CVSS score of 7.8 (HIGH). A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requ...

How severe is CVE-2025-6377?

CVE-2025-6377 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6377?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Arena.