CVE-2025-9160

Summary

A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix® 5480Version 32 - 37.011 w Windows package (2.1.0) Win10 v1607affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References