Improper Authorization Vulnerability in Pavilion by Rockwell Automation
CVE-2025-14272

8.3 HIGH

What is CVE-2025-14272?

A security issue has been identified in Pavilion: its API endpoints do not sufficiently enforce authorization. This weakness may allow unauthorized individuals to carry out privileged actions, such as managing users and roles or performing other administrative tasks, without the proper permissions. Such vulnerabilities can pose significant risks by compromising the integrity and security of user data and system operations.

Affected Version(s)

FactoryTalk Analytics PavilionX 7.0

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
