Rockwell Automation Arena Simulation

Summary

Rockwell Automation's Arena Simulation software has a stack-based buffer overflow vulnerability that could allow local attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-11918, has a CVSS v4 score of 7.1, indicating a significant risk for affected installations, particularly in critical manufacturing sectors.

Impact

Affected products include Rockwell Automation's Arena Simulation version 16.20.10 and prior.

In the Wild

No

Timeline

Disclosed on November 25, 2025

Remediation

Users are advised to upgrade Arena Simulation to version 16.20.11 or later. For those unable to upgrade, Rockwell Automation recommends following security best practices. CISA also suggests minimizing network exposure for control systems, using firewalls, and implementing secure remote access methods like VPNs.