CVE-2025-9063
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-28
Assigner: Rockwell Automation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwellautomation | factorytalk_view | up to and including 15.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9063 is an authentication bypass vulnerability in the FactoryTalk View Machine Edition Web Browser ActiveX control used in PanelView Plus 7 Performance Series B devices. This flaw allows an attacker to bypass authentication controls and gain unauthorized access to the device, including its file system, diagnostic information, event logs, and other sensitive data. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized access to critical system components of the PanelView Plus 7 Series B device. An attacker could retrieve sensitive diagnostic information, access event logs, and manipulate the file system, potentially compromising the integrity and confidentiality of the system and disrupting its normal operation. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-9063, immediately upgrade the PanelView Plus 7 Performance Series B firmware to version V14.103 (package 9701M-VWSTNMT). If upgrading is not possible, remove the FactoryTalk View Machine Edition Web Browser ActiveX control to prevent unauthorized access. Additionally, follow Rockwell Automation's security best practices and subscribe to their security alerts for ongoing support. [1]