CVE-2025-9065 | THREATINT

Description

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.

PUBLISHED Reserved 2025-08-15 | Published 2025-09-09 | Updated 2025-09-09 | Assigner Rockwell

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-610: Externally Controlled Reference to a Resource in Another Sphere

Product status

Default status

unaffected

13.0 - 14.0

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1743.html

cve.org (CVE-2025-9065)

nvd.nist.gov (CVE-2025-9065)

Download JSON