Cyber Posture

CVE-2025-9064

Severity: Critical

Published: 14 October 2025
Modified: 28 October 2025
KEV Added: not listed
Patch: available from the vendor (advisory SD-1753)
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0051 (66.5th percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-9064 is a critical-severity Improper Authentication (CWE-287) vulnerability in Rockwell Automation FactoryTalk View. Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.5% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, File Deletion (T1070.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation) mandates timely flaw remediation and patching, directly addressing this path traversal vulnerability with the vendor-provided patch from Rockwell Automation.

Prevent: SI-10 (Information Input Validation) requires validation of information inputs such as file paths, directly preventing the path traversal that enables arbitrary file deletion.

Prevent: SC-7 (Boundary Protection) enforces boundary protection to monitor and control network communications, blocking unauthenticated attackers on the same network from reaching the vulnerable FactoryTalk service.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1070.004 File Deletion (Stealth): Adversaries may delete files left behind by the actions of their intrusion activity.

Why these techniques?

Unauthenticated network-accessible path traversal enables exploitation of public-facing application (T1190) and arbitrary file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

Deeper analysis

CVE-2025-9064 is a path traversal vulnerability (CWE-22) associated with improper authentication (CWE-287) in FactoryTalk View Machine Edition. This issue allows unauthenticated attackers on the same network as the affected device to delete arbitrary files within the panel's operating system. Exploitation requires knowledge of the specific filenames to target. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), reflecting critical severity primarily from high impacts to integrity and availability.

Attackers on the same network can exploit this vulnerability without authentication or user interaction, enabling them to delete any file on the device's operating system if they possess the necessary filename details. This could disrupt HMI panel functionality, corrupt critical system files, or cause operational downtime in industrial environments.
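As an added, defender-side illustration (not code from this page, from Rockwell Automation, or from FactoryTalk View, whose internals the page does not describe), the block below places the unchecked join-then-delete shape that produces this class of bug beside a version that confines the client-supplied name to one directory, which is the SI-10 input validation the controls section recommends. The directory layout, file names and handler names are all constructed here.

```python
"""Confining a client-supplied file name to one directory (the CWE-22 pattern).

Added illustration, not Rockwell Automation or FactoryTalk code: the page says
CVE-2025-9064 lets an unauthenticated caller delete any file whose name it knows,
which is the classic path-traversal shape. The handler names, the scratch
directory layout and the sample file names below are all constructed here.
"""
import os
import tempfile
from pathlib import Path


def delete_unchecked(base_dir: str, name: str) -> str:
    """Vulnerable pattern: join and delete without confining the result.

    A name containing '..' or an absolute name makes the joined path leave
    base_dir, so the caller can delete anything the process may delete.
    """
    target = os.path.join(base_dir, name)
    os.remove(target)
    return target


def resolve_within(base_dir: str, name: str) -> str:
    """Return the canonical path of `name` inside `base_dir`, or raise ValueError.

    realpath() collapses '..' and follows symlinks, so the decision is made on
    the final filesystem location rather than on the string the client sent.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath, not str.startswith: "/data/panel2/x" starts with "/data/panel"
    # but is not inside it.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {name!r}")
    if candidate == base:
        raise ValueError("a file name is required, not the directory itself")
    return candidate


def delete_confined(base_dir: str, name: str) -> str:
    """Hardened pattern (SI-10): validate first, then act on the canonical path."""
    target = resolve_within(base_dir, name)
    os.remove(target)
    return target


def demo() -> dict:
    """Exercise both handlers against a constructed scratch layout and report results."""
    with tempfile.TemporaryDirectory() as tmp:
        panel = Path(tmp) / "panel"            # the only directory deletes are allowed in
        panel.mkdir()
        (panel / "project.mer").write_text("constructed sample file")
        outside = Path(tmp) / "important.cfg"  # must never be reachable
        outside.write_text("constructed sample file")

        cases = {
            "plain_name": "project.mer",
            "dotdot": "../important.cfg",
            "absolute": str(outside),
            "sibling_prefix": "../panel2/x",   # defeats a naive prefix check
            "dir_itself": ".",
        }
        try:  # symlink inside the directory that points outside it
            (panel / "link.cfg").symlink_to(outside)
            cases["symlink_out"] = "link.cfg"
        except OSError:
            pass  # platforms without symlink support just skip this case

        results = {}
        for label, name in cases.items():
            try:
                resolve_within(str(panel), name)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"

        delete_confined(str(panel), "project.mer")
        results["deleted_inside"] = not (panel / "project.mer").exists()
        results["outside_intact_after_confined"] = outside.exists()

        delete_unchecked(str(panel), "../important.cfg")
        results["outside_gone_after_unchecked"] = not outside.exists()
        return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:32} {outcome}")
```

The check is made on the output of realpath() rather than on the raw string, so encoded or symlinked detours resolve to their real location before the comparison, and commonpath() is used instead of a string prefix so a sibling directory whose name merely begins with the base name is not mistaken for a child of it.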

Rockwell Automation has published security advisory SD-1753 at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html, which provides details on mitigation and available patches for this vulnerability.

Details

CWE(s): CWE-22 (Path Traversal), CWE-287 (Improper Authentication)

Affected Products: rockwellautomation factorytalk view, versions ≤ 15.0

CVEs Like This One

CVE-2025-7972 (same vendor: Rockwell Automation)
CVE-2025-9161 (same vendor: Rockwell Automation)
CVE-2025-9281 (same vendor: Rockwell Automation)
CVE-2025-9282 (same vendor: Rockwell Automation)
CVE-2025-2328 (shared CWE-22)
CVE-2025-66251 (shared CWE-22)
CVE-2025-6439 (shared CWE-22)
CVE-2025-14344 (shared CWE-22)
CVE-2026-6832 (shared CWE-22)
CVE-2026-34728 (shared CWE-22)

References

Rockwell Automation security advisory SD-1753: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html