Sign-up

ID

VAR-202510-1221


CVE

CVE-2025-9067


DESCRIPTION

A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.

Trust: 1.0

sources: NVD: CVE-2025-9067

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:factorytalk linxscope:ltversion:6.50

Trust: 1.0

sources: NVD: CVE-2025-9067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-9067
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2025-9067
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-9067
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-9067 // NVD: CVE-2025-9067

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2025-9067

EXTERNAL IDS

db:NVDid:CVE-2025-9067

Trust: 1.0

sources: NVD: CVE-2025-9067

REFERENCES

url:https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1754.html

Trust: 1.0

sources: NVD: CVE-2025-9067

SOURCES

db:NVDid:CVE-2025-9067

LAST UPDATE DATE

2025-11-18T15:22:37.420000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-9067date:2025-10-20T20:16:24.947

SOURCES RELEASE DATE

db:NVDid:CVE-2025-9067date:2025-10-14T13:15:39.943