MFA Bypass Vulnerability in DataMosaix™ Private Cloud by Rockwell Automation
CVE-2025-11084

7.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Datamosaix™ Private Cloud
Vendor: CVE Published:; 11 November 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-11084?

A security flaw has been identified in the DataMosaix™ Private Cloud platform that permits attackers to bypass Multi-Factor Authentication (MFA) during the initial setup phase. This vulnerability arises when MFA is enabled but is not finalized within a specified 7-day period, enabling unauthorized individuals to acquire a valid login-token cookie without needing the user's password. This significant security issue emphasizes the importance of completing MFA setups promptly to mitigate potential risks.

Affected Version(s)

FactoryTalk® DataMosaix™ Private Cloud 7.11, 8.00, 8.01

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Sep 26, 2025

JSON