CVE-2025-9437 HIGH

CVE-2025-9437: Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

Vendor Rockwell Automation
Product ArmorStart AOP
Weakness CWE-755
Published October 14, 2025
Last update October 14, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated