Database Vulnerability in Rockwell Automation Products
CVE-2025-9364

8.7HIGH

Key Information:

Vendor

Rockwell Automation
Status
Factorytalk® Analytics™ Logixai®
Vendor
CVE Published:
9 September 2025

What is CVE-2025-9364?

An open database vulnerability exists within Rockwell Automation products, caused by an excessively permissive Redis instance. This flaw enables an attacker on the intranet to potentially access and manipulate sensitive data, posing significant risks to data integrity and confidentiality.

Affected Version(s)

FactoryTalk® Analytics™ LogixAI® Versions 3.00 and 3.01

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-9364 : Database Vulnerability in Rockwell Automation Products