CVE-2025-9161 | THREATINT

Description

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution.

PUBLISHED Reserved 2025-08-19 | Published 2025-09-09 | Updated 2025-09-09 | Assigner Rockwell

HIGH: 7.3CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unaffected

All Versions 1.5.0 - 1.5.7

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1742.html

cve.org (CVE-2025-9161)

nvd.nist.gov (CVE-2025-9161)

Download JSON