CVE-2025-3617 HIGH

CVE-2025-3617: Local Privilege Escalation in ThinManager®

Vendor Rockwell Automation
Product ThinManager®
Published April 15, 2025
Last update April 17, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A privilege escalation vulnerability exists in Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder, causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges.

Key dates

02 Disclosure timeline

April 15, 2025 CVE published
April 17, 2025 Record updated