CVE-2025-3287: 
NixOS vulnerability analysis and mitigation

CVE-2025-3287 is a local code execution vulnerability discovered in Rockwell Automation Arena® software, disclosed on April 8, 2025. The vulnerability affects Arena versions 16.20.08 and prior, stemming from a stack-based memory buffer overflow due to improper validation of user-supplied data. The vulnerability was reported by security researcher Michael Heinzl (CISA Advisory).

The vulnerability is characterized by a threat actor being able to read outside of the allocated memory buffer, classified as CWE-125 (Out-of-bounds Read). It has received a CVSS v3.1 base score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and a CVSS v4.0 base score of 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N), indicating high severity (Rockwell Advisory).

If successfully exploited, this vulnerability allows a threat actor to disclose information and execute arbitrary code on the affected system. The vulnerability requires a legitimate user to open a malicious DOE file for exploitation (NVD).

Rockwell Automation has released version 16.20.09 to address this vulnerability. Users are recommended to upgrade to this version or later. No workarounds are available for this vulnerability (Rockwell Advisory).