CVE-2025-11084
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Rockwell Automation
Description
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwellautomation | datamosaix_private_cloud | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DataMosaix™ Private Cloud allows attackers to bypass multi-factor authentication (MFA) during the setup process. Specifically, if MFA is enabled but not completed within a 7-day period, an attacker can obtain a valid login-token cookie without knowing the user's password.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could gain unauthorized access to user accounts by bypassing MFA, potentially leading to unauthorized access to sensitive data or systems without needing the user's password.