CVE-2025-9064
published 2025-10-14


Priority P2 · 62 · critical · 9.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:H
EPSS 0.55% (42.0th percentile)
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on knowledge of the filenames to be deleted.

Affected

2 ranges

Vendor               Product                           Version range   Fixed in
rockwell_automation  factorytalk_view_machine_edition  -               -
rockwellautomation   factorytalk_view                  <= 15.0         -

Detection & IOCs (extracted from sources)

  • CVE-2025-9064 is a path traversal vulnerability in FactoryTalk View Machine Edition (versions prior to V15.00) allowing unauthenticated network-adjacent attackers to delete arbitrary files on the panel OS. Detection should focus on file deletion requests sent to the FactoryTalk View ME service whose path, once decoded and normalised, crosses out of the directory the service is meant to operate in.
  • NVD scores the vulnerability as network-exploitable with no authentication required (AV:N/AC:L/PR:N/UI:N), while the description itself says the attacker must be on the same network as the device. Monitor for unauthenticated requests to FactoryTalk View ME services originating from unexpected network sources, particularly those containing path traversal sequences (e.g., '../', or encoded and backslash variants of it) targeting file deletion operations.
  • Affected platform scope: FactoryTalk View Machine Edition versions prior to V15.00 and PanelView Plus 7 Version V14.100 on ASEM 6300 IPCs. Inventory and flag any unpatched devices (pre-V15.00 / pre-firmware V14.103) exposed on OT network segments.
  • Exploitation requires knowledge of the specific filenames to be deleted; a target whose filesystem layout an attacker has already reconnoitered is at higher risk of successful exploitation.
  • The patch for CVE-2025-9064 on ASEM 6300 IPCs requires a specific patch (BF31001) in addition to the V15.00 software update; applying only the software update may be insufficient for that hardware platform.
  • No known public exploitation has been reported at time of advisory publication; however, the low attack complexity and the absence of any authentication requirement raise the urgency of patching and network segmentation.
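The two detection bullets above amount to one check: decode and canonicalise the path of every delete request and alert when it escapes the service's allowed directory, or when an unauthenticated delete arrives from a network that should never talk to the panel. The block below is an added example that implements that check over constructed log lines; it is not code from the advisory, from Rockwell Automation, or from any real FactoryTalk View ME log. The line format, the allowed root directory, the trusted network and every filename are assumptions chosen for illustration.

```python
"""Added example: detection logic for CVE-2025-9064-style delete requests.

Assumed log format (the real FactoryTalk View ME wire format is not on the
page): one request per line,
    <timestamp> <src_ip> <auth|unauth> <OPERATION> <path>
"""
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed directory the service is supposed to confine file operations to.
ALLOWED_ROOT = "/Application/Data"

# Assumed network that is allowed to reach the panel (engineering VLAN).
TRUSTED_NETS = [ipaddress.ip_network("10.10.5.0/24")]

# Constructed sample log; the filenames are invented, not real panel paths.
SAMPLE_LOG = [
    "2025-10-14T09:12:01Z 10.10.5.20 auth DELETE logs/old.log",
    "2025-10-14T09:12:07Z 10.10.9.44 unauth DELETE ../../Windows/settings.dat",
    "2025-10-14T09:12:09Z 10.10.9.44 unauth DELETE %2e%2e%2f%2e%2e%2fStorage%20Card%2fapp.mer",
    "2025-10-14T09:12:15Z 10.10.9.44 unauth DELETE ..%5c..%5cWindows%5cimage.bin",
    "2025-10-14T09:13:00Z 10.10.5.20 auth DELETE reports/shift1.csv",
    "2025-10-14T09:13:30Z 10.10.9.44 unauth DELETE reports/shift2.csv",
]


def normalise(path: str) -> str:
    """Decode and canonicalise a request path the way the target would.

    A naive '../' substring check misses percent-encoded, double-encoded
    and backslash forms, so decode repeatedly, unify separators, then
    resolve '.' and '..' lexically against ALLOWED_ROOT.
    """
    decoded = path
    for _ in range(3):  # %252e -> %2e -> '.' (double encoding)
        new = unquote(decoded)
        if new == decoded:
            break
        decoded = new
    decoded = decoded.replace("\\", "/")  # panel OS accepts backslashes
    return posixpath.normpath(posixpath.join(ALLOWED_ROOT, decoded))


def escapes_root(path: str) -> bool:
    """True when the canonical path lands outside ALLOWED_ROOT.

    An absolute path replaces the root in posixpath.join, so '/Windows/x'
    is caught as well as '../../Windows/x'.
    """
    resolved = normalise(path)
    return not (resolved == ALLOWED_ROOT or resolved.startswith(ALLOWED_ROOT + "/"))


def scan_log(lines, trusted_nets=TRUSTED_NETS):
    """Return (line, reasons) for every DELETE request worth alerting on.

    Alert when the path traverses out of the allowed root, or when an
    unauthenticated delete comes from outside the trusted networks.
    """
    alerts = []
    for line in lines:
        fields = line.split(maxsplit=4)
        if len(fields) != 5:
            continue  # malformed line; skip rather than crash the scanner
        _ts, src, auth, op, path = fields
        if op.upper() != "DELETE":
            continue
        try:
            untrusted = not any(ipaddress.ip_address(src) in n for n in trusted_nets)
        except ValueError:
            untrusted = True  # unparseable source is treated as untrusted
        unauth = auth.lower() == "unauth"
        traversal = escapes_root(path)
        reasons = []
        if traversal:
            reasons.append("traversal->" + normalise(path))
        if unauth and untrusted:
            reasons.append("unauthenticated-from-untrusted-source")
        if reasons:
            alerts.append((line, reasons))
    return alerts


if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line, "=>", ", ".join(reasons))
```

Of the six constructed lines, the two authenticated deletes from the trusted VLAN stay quiet; the three traversal attempts (plain, percent-encoded with a space in the decoded name, and backslash-encoded) all resolve to paths under /Windows or /Storage Card and alert, and the last line alerts only because it is an unauthenticated delete from an unexpected subnet. The same `escapes_root` check, applied on the server side before unlinking anything, is also the shape of fix a path traversal bug like this one needs.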

CVSS provenance

NVD  v3.1  9.1  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD  v4.0  8.7  HIGH      CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Note that the two NVD vectors disagree on impact: v3.1 rates both integrity and availability High (I:H/A:H), while v4.0 rates only availability (VI:N/VA:H), which is where the 9.1 versus 8.7 difference comes from.