Rockwell Lifecycle Services Vulnerable to Cisco CVE-2025-20352
Act Now · 7.7 · SD1750 · Oct 2, 2025
Summary
Rockwell Automation Lifecycle Services is affected by a Cisco vulnerability (CVE-2025-20352). All versions of Lifecycle Services are affected, and no patch is currently available. The vulnerability is being actively exploited in the wild.
What this means
What could happen
An attacker could exploit this vulnerability to gain unauthorized access to or control of Rockwell Lifecycle Services systems, potentially disrupting plant operations, process visibility, or asset management functionality that supports industrial control systems.
Who's at risk
Plant engineering teams, operations staff, and maintenance personnel who rely on Rockwell Lifecycle Services for asset management, lifecycle tracking, or integration with PLCs, drives, and industrial control systems. This affects manufacturing facilities, utilities, and any site using Rockwell Automation equipment that depends on Lifecycle Services for operational support.
How it could be exploited
An attacker can exploit CVE-2025-20352 through Lifecycle Services to gain remote code execution or unauthorized access. The attack likely requires network access to the affected Lifecycle Services instance, and since this is actively exploited (KEV status), exploitation code is publicly available or being used in the wild.
Prerequisites
- Network access to a Rockwell Lifecycle Services instance
- Lifecycle Services deployed and accessible from the attacker's network
- Specific vulnerability conditions (detailed technical trigger not specified in advisory)
actively exploited (KEV) · remotely exploitable · high CVSS (7.7) · no patch available · affects operational technology visibility and asset management
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Lifecycle Services Vulnerable | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Immediately restrict network access to Rockwell Lifecycle Services to only authorized engineering workstations and control systems; implement firewall rules to limit inbound connections
- HARDENING: Isolate Lifecycle Services systems from the plant floor network if operationally feasible; segment it to a separate engineering VLAN with restricted access
- HARDENING: Monitor Lifecycle Services logs and network traffic for suspicious access attempts or unusual authentication patterns
- HOTFIX: Contact Rockwell Automation support for patch availability timeline and interim mitigations specific to your environment
- HOTFIX: Apply patches from Rockwell Automation immediately upon release to all Lifecycle Services instances
CVEs (1)
- CVE-2025-20352