CVE-2025-9465
Published: 20 January 2026
Summary
CVE-2025-9465 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Rockwellautomation Armorstart Lt Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 34.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2025-9465 is a denial-of-service vulnerability affecting ArmorStart® LT devices. The issue manifests as an unexpected device reboot during execution of the Achilles Comprehensive grammar tests, causing the Link State Monitor to go down for several seconds. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).
A network-accessible attacker requires no privileges or user interaction and can exploit the vulnerability with low attack complexity. Successful exploitation results in a high-impact availability disruption, specifically a temporary denial-of-service condition from the device reboot.
Mitigation guidance is available in the Rockwell Automation security advisory at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1768.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3426
Vulnerability details
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote exploitation causing device reboot and temporary DoS, matching application/system exploitation for endpoint denial of service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-5 enforces denial-of-service protections that directly mitigate the network-accessible resource exhaustion attack causing device reboot in this CVE.
SC-6 protects resource availability against uncontrolled consumption (CWE-400) exploited to trigger the unexpected reboot and service disruption.
SI-2 ensures timely flaw remediation via vendor patches as provided in the Rockwell Automation advisory for this specific vulnerability.