XXE Vulnerability in FactoryTalk® ViewPoint by Rockwell Automation
CVE-2025-9066
8.7HIGH
Key Information:
- Vendor
Rockwell Automation
- Status
- Vendor
- CVE Published:
- 14 October 2025
What is CVE-2025-9066?
A security issue in FactoryTalk® ViewPoint allows unauthenticated attackers to exploit XML External Entity (XXE) vulnerabilities through specific SOAP requests. This exploitation can result in unauthorized access and lead to temporary denial-of-service conditions, affecting system availability and integrity. It is crucial for users to review their security measures and apply necessary patches to safeguard against such vulnerabilities.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
FactoryTalk ViewPoint V14 and prior
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved