CVE-2025-0659
Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Rockwell Automation · DataEdgePlatform DataMosaix™ Private CloudWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →