ID

VAR-202508-1391


CVE

CVE-2025-7972


DESCRIPTION

A security issue exists within the FactoryTalk Linx Network Browser. By setting process.env.NODE_ENV to 'development', an attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.

Trust: 1.0

sources: NVD: CVE-2025-7972

AFFECTED PRODUCTS

vendor: rockwellautomation
model: factorytalk linx
scope: lt
version: 6.50

Trust: 1.0

sources: NVD: CVE-2025-7972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-7972
value: CRITICAL

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-7972
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-7972
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-7972 // NVD: CVE-2025-7972

PROBLEMTYPE DATA

problemtype: CWE-286

Trust: 1.0

sources: NVD: CVE-2025-7972

EXTERNAL IDS

db: NVD
id: CVE-2025-7972

Trust: 1.0

sources: NVD: CVE-2025-7972

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1735.html

Trust: 1.0

sources: NVD: CVE-2025-7972

SOURCES

db: NVD
id: CVE-2025-7972

LAST UPDATE DATE

2025-11-18T15:22:38.943000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2025-7972
date: 2025-10-29T20:30:16.047

SOURCES RELEASE DATE

db: NVD
id: CVE-2025-7972
date: 2025-08-14T15:15:42.413