CVE-2025-9066 | THREATINT

Description

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service.

PUBLISHED Reserved 2025-08-15 | Published 2025-10-14 | Updated 2025-10-14 | Assigner Rockwell

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

Product status

Default status

unaffected

V14 and prior

affected

References

www.rockwellautomation.com/...advisories/advisory.SD1752html

cve.org (CVE-2025-9066)

nvd.nist.gov (CVE-2025-9066)

Download JSON