CVE-2025-11918

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-11918

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11918.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-11918

Published

2025-11-14T14:15:45.993Z

Modified

2026-03-12T17:35:26.854271Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1763.html

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11918.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "16.20.11"
            }
        ]
    }
]