High

DoS via resource exhaustion/memory leak in Rockwell Automation ControlLogix Redundancy Enhanced Modules (1756-RM2/1756-RM2XT)

IdentifiersCVE-2025-14027CWE-401· Missing Release of Memory after…

CVE-2025-14027 is a set of denial-of-service conditions affecting Rockwell Automation ControlLogix Redundancy Enhanced Modules, catalog numbers 1756-RM2 and 1756-RM2XT, across all firmware versions. The issues can be triggered remotely via crafted inputs, including malformed Class 3 messages, as well as memory leak conditions and other resource-exhaustion scenarios (CWE-401). Successful exploitation can cause the module/device to become unresponsive and, in some cases, enter a major nonrecoverable fault state; recovery may require a restart.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Remote denial of service against affected ControlLogix Redundancy Enhanced Modules: the device may become unresponsive, and in some cases may experience a major nonrecoverable fault condition. Operational recovery may require restarting the affected device/module, potentially causing loss of availability for impacted control functions.

Mitigation

If you can’t patch tonight, do this now.

Per CISA guidance: minimize network exposure of control system devices and ensure they are not internet-accessible; place control system networks/remote devices behind firewalls and isolate them from business networks; use secure remote access methods (e.g., VPN) and keep them updated.

Remediation

Patch, then assume compromise.

Apply the vendor-provided remediation as specified in Rockwell Automation advisory SD1769 for the affected 1756-RM2 and 1756-RM2XT modules (all firmware versions are listed as affected in the provided content).

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvefeed high severityNews

Jan 20, 2026

CVE-2025-14027 - Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT

A set of denial-of-service issues in a Rockwell Automation affected product that can be triggered via crafted inputs (including malformed Class 3 messages), memory leaks, and resource exhaustion, potentially rendering the device unresponsive and possibly causing a major nonrecoverable fault requiring restart.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3