Remote Code Execution Vulnerability in FactoryTalk Optix MQTT Broker by Rockwell Automation
CVE-2025-9161
7.3HIGH
Key Information:
- Vendor
Rockwell Automation
- Status
- Vendor
- CVE Published:
- 9 September 2025
What is CVE-2025-9161?
A security flaw has been identified in the FactoryTalk Optix MQTT broker, arising from inadequate URI sanitization. This vulnerability presents an opportunity for malicious actors to load remote Mosquito plugins, potentially paving the way for remote code execution. Organizations utilizing FactoryTalk Optix should assess their systems to mitigate possible risks associated with this vulnerability.
Affected Version(s)
FactoryTalk Optix All Versions 1.5.0 - 1.5.7