API Token Exposure in Rockwell Automation's Runtime Event System
CVE-2025-9036

8.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Action Manager
Vendor: CVE Published:; 14 August 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-9036?

The runtime event system developed by Rockwell Automation contains a vulnerability that permits unauthenticated connections to obtain a reusable API token. This token, which is transmitted over a WebSocket connection, can be intercepted by any local client capable of listening in on that connection. This exposure presents a significant risk, as the captured token may be used to gain unauthorized access to services and sensitive data.

Affected Version(s)

FactoryTalk® Action Manager Version 1.0.0 or below

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Aug 14, 2025