CVE-2025-9064 · CRITICAL 9.1 · EPSS p41.8%

Description

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.8% · 2026-06-19T12:03:05Z
Published: 2025-10-14
Last modified: 2025-10-28

Underlying weaknesses · 2

CWE-287, CWE-22

References

  1. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1753.html

Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-9063
CVE-2025-14850
CVE-2025-61934
CVE-2025-10559
CVE-2025-25060
CVE-2025-39202

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.