CVE-2025-13824
Published: 15 December 2025
Summary
CVE-2025-13824 is a high-severity Release of Invalid Pointer or Reference (CWE-763) vulnerability in Rockwell Automation (vendor inferred from references). Its CVSS base score is 8.7 (High).
Operationally, it ranks at the 19.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-203385
Vulnerability details
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with a solid red Fault LED and becomes unresponsive. Upon power cycle, the controller enters a recoverable fault in which the MS LED and Fault LED flash red and the controller reports fault code 0xF019. To recover, clear the fault.
- CWE(s): CWE-763 (Release of Invalid Pointer or Reference)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.