CVE-2025-14272
Status: Awaiting Analysis
Improper Authorization in Pavilion Allows Privileged Actions

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Rockwell Automation

Description
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: rockwell_automation
Product: factorytalk_analytics_pavilionx
Version / Range: up to 7.01 (excluding 7.01)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Quick Actions
Executive Summary

CVE-2025-14272 is a high-severity security vulnerability in Rockwell Automation's FactoryTalk Analytics PavilionX platform. It arises from improper authorization enforcement in the API endpoints, which means that unauthorized users can bypass security controls.

This flaw allows unauthorized actors to perform privileged operations, including managing users and roles as well as other administrative actions that should normally be restricted.

Impact Analysis

The vulnerability can lead to unauthorized access to administrative functions within the PavilionX platform. This could allow attackers to change user roles, add or remove users, and perform other privileged operations without permission.

Such unauthorized actions could compromise the security and integrity of the industrial analytics environment, potentially disrupting operations or exposing sensitive data.

Detection Guidance

There are no specific detection commands or methods provided in the available information for identifying this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Rockwell Automation's FactoryTalk Analytics PavilionX from version 7.00 to the corrected version 7.01.

This update addresses the improper authorization enforcement in API endpoints that allows unauthorized privileged operations.

Additionally, monitor for any unusual administrative activity and restrict access to the affected API endpoints until the update is applied.

Compliance Impact

The vulnerability involves improper authorization enforcement in API endpoints, allowing unauthorized actors to perform privileged operations such as user and role management. This type of security issue can potentially lead to unauthorized access to sensitive data or administrative functions.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, unauthorized privileged access could result in violations of these regulations due to potential exposure or manipulation of personal or sensitive data.
