Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

Published: Nov 11, 2025
Updated: Nov 12, 2025
CVE: CVE-2025-11696
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo