CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0659: Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud

7.0 CVSS

Description

A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.

Classification

CVE ID: CVE-2025-0659

CVSS Base Severity: HIGH

CVSS Base Score: 7.0

Affected Products

Vendor: Rockwell Automation

Product: DataEdgePlatform DataMosaix™ Private Cloud

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-27 (when was this score calculated)

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1715.html

Timeline

2025-01-29 10:30:10 UTC
CVE

Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud