CVE-2025-9064 HIGH

CVE-2025-9064: Rockwell Automation FactoryTalk View Machine Edition Path Traversal

Vendor Rockwell Automation
Product FactoryTalk View Machine Edition
Weakness CWE-287 · Improper authentication
Published October 14, 2025
Last update October 14, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated