CVE-2025-9064
CRITICAL WAF: High
CVSS 9.1
Published: 2025-10-14
CWE-287 CWE-22
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | factorytalk_view | up to 15.0 |
References
- www.rockwellautomation.com (Vendor Advisory)