CVE-2025-9064 | THREATINT

Description

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

PUBLISHED Reserved 2025-08-15 | Published 2025-10-14 | Updated 2025-10-14 | Assigner Rockwell

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-287: Improper Authentication

Product status

Default status

unaffected

V15.00 and prior

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1753.html

cve.org (CVE-2025-9064)

nvd.nist.gov (CVE-2025-9064)

Download JSON