Persistent XSS Vulnerability in DataMosaix™ Private Cloud by Rockwell Automation
CVE-2025-11085

8.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Datamosaix™ Private Cloud
Vendor: CVE Published:; 11 November 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-11085?

A persistent cross-site scripting vulnerability in DataMosaix™ Private Cloud allows attackers to inject malicious JavaScript code. This security flaw can lead to severe consequences including account takeover, theft of user credentials, and potentially redirecting users to harmful websites. Proper safeguards must be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

FactoryTalk® DataMosaix™ Private Cloud 7.11, 8.00

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Sep 26, 2025

JSON