Database Vulnerability in Rockwell Automation Products
CVE-2025-9364

8.7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Analytics™ Logixai®
Vendor: CVE Published:; 9 September 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-9364?

An open database vulnerability exists within Rockwell Automation products, caused by an excessively permissive Redis instance. This flaw enables an attacker on the intranet to potentially access and manipulate sensitive data, posing significant risks to data integrity and confidentiality.

Affected Version(s)

FactoryTalk® Analytics™ LogixAI® Versions 3.00 and 3.01

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Aug 22, 2025

JSON