CVE-2025-9064
Published: 14 October 2025
Description
Adversaries may delete files left behind by the actions of their intrusion activity.
Security Summary
CVE-2025-9064 is a path traversal vulnerability (CWE-22) associated with improper authentication (CWE-287) in FactoryTalk View Machine Edition. This issue allows unauthenticated attackers on the same network as the affected device to delete arbitrary files within the panel's operating system. Exploitation requires knowledge of the specific filenames to target. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), reflecting critical severity primarily from high impacts to integrity and availability.
Attackers on the same network can exploit this vulnerability without authentication or user interaction, enabling them to delete any file on the device's operating system if they possess the necessary filename details. This could disrupt HMI panel functionality, corrupt critical system files, or cause operational downtime in industrial environments.
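The two weaknesses in this advisory, a missing authentication check (CWE-287) and an unconfined path in a file-deletion operation (CWE-22), are the ones a hardened handler must close. The following is an added example written for this page, not Rockwell's code; the data directory, session shape and function names are assumptions.

```python
# Added example, not Rockwell's code: a file-deletion handler that closes both
# weaknesses behind CVE-2025-9064 (CWE-287 and CWE-22). Names are assumed.
import tempfile
from pathlib import Path
from typing import Optional

class DeleteRejected(Exception):
    """Delete request failed authentication or path confinement."""

def confine(base_dir: str, requested: str) -> Path:
    """Resolve `requested` under `base_dir`; refuse anything that escapes it."""
    base = Path(base_dir).resolve()
    # Canonicalise after joining so '..', symlinks and absolute paths are all
    # evaluated before the containment check, not after.
    target = (base / requested).resolve()
    if base not in target.parents:
        raise DeleteRejected(f"path escapes data directory: {requested!r}")
    return target

def delete_file(base_dir: str, session: Optional[dict], requested: str) -> bool:
    """Delete only for an authenticated session and only inside base_dir."""
    if not session or not session.get("authenticated"):  # CWE-287 check
        raise DeleteRejected("authentication required")
    target = confine(base_dir, requested)  # CWE-22 check
    if not target.is_file():
        return False
    target.unlink()
    return True

def demo() -> dict:
    """Run constructed requests against a throwaway tree; report each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        data = Path(root) / "data"
        data.mkdir()
        (data / "log.txt").write_text("sample")
        (Path(root) / "system.cfg").write_text("must survive")  # outside base
        user = {"authenticated": True}
        requests = [("unauthenticated", None, "log.txt"),
                    ("traversal", user, "../system.cfg"),
                    ("absolute", user, str(Path(root) / "system.cfg")),
                    ("legitimate", user, "log.txt")]
        for label, session, name in requests:
            try:
                results[label] = delete_file(str(data), session, name)
            except DeleteRejected:
                results[label] = "rejected"
        results["outside_intact"] = (Path(root) / "system.cfg").exists()
    return results
```

Only the authenticated request for a file inside the data directory succeeds; the unauthenticated, relative-traversal and absolute-path requests are all refused and the file outside the directory is untouched.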
Rockwell Automation has published security advisory SD-1753 at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html, which provides details on mitigation and available patches for this vulnerability.
Details
- CWE(s): CWE-22 (Path Traversal), CWE-287 (Improper Authentication)
- Affected Products: FactoryTalk View Machine Edition
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated, network-accessible path traversal enables exploitation of a public-facing application (T1190) and arbitrary file deletion (T1070.004).