CVE-2025-11697 HIGH

CVE-2025-11697: Studio 5000® Simulation Interface Local Code Execution

Vendor: Rockwell Automation
Product: Studio 5000® Simulation Interface
Weakness: CWE-200 · Info exposure
Published: November 11, 2025
Last update: November 12, 2025

CVSS base score

8.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.

Key dates

02 Disclosure timeline

November 11, 2025: CVE published
November 12, 2025: Record updated