CVE-2025-9067

HIGH

FTLinx - Privilege Escalation

Title source: llm

Description

A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.

References (1)

[Vendor Advisory] https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1754.html

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (1)

rockwellautomation/factorytalk_linx < 6.50

Published Oct 14, 2025

Tracked Since Feb 18, 2026