CVE-2025-0659
Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
28 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Rockwell Automation · DataEdgePlatform DataMosaix™ Private Cloud¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →