CVE-2025-9364 | THREATINT

Description

An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.

PUBLISHED Reserved 2025-08-22 | Published 2025-09-09 | Updated 2025-09-09 | Assigner Rockwell

HIGH: 8.7CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

Versions 3.00 and 3.01

affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1748.html

cve.org (CVE-2025-9364)

nvd.nist.gov (CVE-2025-9364)

Download JSON