{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T20:52:28.944","vulnerabilities":[{"cve":{"id":"CVE-2025-6377","sourceIdentifier":"PSIRT@rockwellautomation.com","published":"2025-07-09T21:15:28.620","lastModified":"2025-07-11T18:34:12.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote\ncode execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P."},{"lang":"es","value":"Existe un problema de seguridad de ejecución remota de código en Rockwell Automation Arena®. Un archivo DOE manipulado puede obligar a Arena Simulation a escribir más allá de los límites de un objeto asignado. Su explotación requiere la interacción del usuario, como abrir un archivo malicioso dentro del software. Si se explota, un atacante podría ejecutar código arbitrario en el sistema objetivo. El software debe ejecutarse bajo el contexto del administrador para causar un impacto aún mayor. Esto se refleja en la puntuación CVSS de Rockwell, como AT:P."}],"metrics":{"cvssMetricV40":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*","versionEndExcluding":"16.20.09","matchCriteriaId":"B1CA47BE-FC9B-41AE-B939-C8FF636596A6"}]}]}],"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html","source":"PSIRT@rockwellautomation.com","tags":["Vendor Advisory"]}]}}]}