Cyber Resilience

CVE-2025-9280

HighDDoS

Published: 20 January 2026

Published
20 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0041 33.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-9280 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Rockwellautomation Armorstart Lt Firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2025-9280 is a vulnerability within ArmorStart® LT that can result in a denial-of-service condition. The issue was identified through fuzzing performed using Defensics, which causes the device to become unresponsive and requires a reboot to recover. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).

The vulnerability is exploitable over the network by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation achieves high-impact disruption to availability, rendering the ArmorStart® LT device unresponsive without affecting confidentiality or integrity.

Mitigation details are provided in the Rockwell Automation security advisory SD1768, available at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html.

EU & UK References

Vulnerability details

A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct mapping to application/system exploitation causing DoS via resource exhaustion over network (CWE-400).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-9283Same product: Rockwellautomation Armorstart Lt
CVE-2025-9464Same product: Rockwellautomation Armorstart Lt
CVE-2025-9278Same product: Rockwellautomation Armorstart Lt
CVE-2025-9466Same product: Rockwellautomation Armorstart Lt
CVE-2025-9465Same product: Rockwellautomation Armorstart Lt
CVE-2025-9279Same product: Rockwellautomation Armorstart Lt
CVE-2025-9282Same product: Rockwellautomation Armorstart Lt
CVE-2025-9281Same product: Rockwellautomation Armorstart Lt
CVE-2024-57076Shared CWE-400
CVE-2025-25293Shared CWE-400

Affected Assets

rockwellautomation
armorstart lt firmware
≤ 2.002

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly protects against or limits effects of network-based denial-of-service events like the fuzzing-induced unresponsiveness in CVE-2025-9280.

prevent

Ensures availability of critical resources such as processing power and memory to counter CWE-400 uncontrolled resource consumption causing device DoS.

prevent

Mandates timely flaw remediation and patching for vulnerabilities like CVE-2025-9280 as detailed in the vendor security advisory SD1768.

References