CVE-2025-9064

Rockwell Automation FactoryTalk View Machine Edition Path Traversal

CVSS 8.7 HIGHEPSS 0.6%CWE-287

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Rockwell Automation · FactoryTalk View Machine Edition

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html