CVE-2025-3289: 
NixOS vulnerability analysis and mitigation

A local code execution vulnerability (CVE-2025-3289) was discovered in Rockwell Automation Arena® software, affecting versions 16.20.08 and earlier. The vulnerability was disclosed on April 8, 2025, and is caused by a stack-based memory buffer overflow due to improper validation of user-supplied data (NVD, CISA).

The vulnerability is classified as high severity with a CVSS v4.0 base score of 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) and CVSS v3.1 base score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability is identified as CWE-121 (Stack-based Buffer Overflow) and requires local access to exploit (Rockwell Advisory, CISA).

If successfully exploited, this vulnerability allows an attacker to disclose sensitive information and execute arbitrary code on the affected system. The attack requires a legitimate user to open a malicious DOE file (NVD, CISA).

Rockwell Automation has released version 16.20.09 to address this vulnerability. Users are recommended to upgrade to this version or later. For users unable to upgrade immediately, Rockwell Automation encourages the application of security best practices where possible (Rockwell Advisory).