SD1754 | Security Advisory | Rockwell Automation

Severity:

High

Advisory ID:

SD1754

Published Date:

October 14, 2025

Last Updated:

October 14, 2025

Revision Number:

1.0

Known Exploited Vulnerability (KEV):

Corrected:

Workaround:

Yes

CVE IDs

CVE-2025-9067 ,

CVE-2025-9068

Downloads

The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:

JSON

Summary

FactoryTalk® Linx Privilege Escalation Vulnerabilities

The security of our products is important to us as your industrial automation supplier. This security issue was found internally during routine testing and is being reported based on our commitment to customer transparency and improvement of all business environments.

Product Description

FactoryTalk Linx is a modern, secure communications platform that delivers real-time control system data from Allen-Bradley devices to FactoryTalk and third-party software, optimized for Logix 5000 controllers and scalable from small setups to large distributed systems.

Affected products and solution

Affected Product	CVE	Affected Software Version	Corrected in Software Version
FactoryTalk Linx	CVE-2025-9067	6.40 and prior	6.50 and later
FactoryTalk Linx	CVE-2025-9068	6.40 and prior	6.50 and later

Security Issue Details

Category	Details
CVE ID	CVE-2025-9067
Impact	A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
CVSS 3.1 Base Score	7.8/10
CVSS 4.0 Base Score	8.5/10
CWEs	CWE-268: Privilege Chaining
Known Exploited Vulnerability	No (Not listed in KEV database)

Category	Details
CVE ID	CVE-2025-9068
Impact	A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
CVSS 3.1 Base Score	7.8/10
CVSS 4.0 Base Score	8.5/10
CWEs	CWE-268: Privilege Chaining
Known Exploited Vulnerability	No (Not listed in KEV database)

Mitigations and Workarounds

Customers using the affected software should consider installing the Microsoft patch to address the MSI issue and upgrade to version 6.50 or later if possible. Customers using the affected software, who are not able to upgrade to one of the corrected versions, should use our security best practices.

Revision History

Revision	Date	Description
1.0	October 14, 2025	Initial release

Glossary

· MSI: Windows Installer package used to install, update, or remove software on Windows Systems

· SYSTEM-level privileges: access or execution rights equivalent to the Windows operating system's highest authority, allowing full control over all processes, files, and configurations.

Get Up-to-Date Product Security Information

Visit the Rockwell Automation security advisories on the Trust Center page to:

· Subscribe to product security alerts

· Review the current list of Rockwell Automation security advisories

· Report a possible security issue in a Rockwell Automation product

· Learn more about the Rockwell Automation vulnerability policy

Support

If you have any questions regarding the security issue(s) above and how to mitigate them, contact TechConnect for help. More information can be found at Contact Us | Rockwell Automation | US.

If you have any questions regarding this disclosure, please contact PSIRT

Email: rasecure@ra.rockwell.com

Legal Disclaimer

ROCKWELL AUTOMATION DOES NOT WARRANT THE COMPLETENESS, TIMELINESS OR ACCURACY OF ANY OF THE DATA CONTAINED IN THIS WEB SITE AND MAY MAKE CHANGES THERETO AT ANY TIME IN ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS "AS IS." IN NO EVENT SHALL ROCKWELL BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT OR DAMAGE, EVEN IF ROCKWELL AUTOMATION HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES. ROCKWELL AUTOMATION DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED IN RESPECT OF THE INFORMATION (INCLUDING SOFTWARE) PROVIDED HEREBY, INCLUDING THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, AND NON-INFRINGEMENT. Note that certain jurisdictions do not countenance the exclusion of implied warranties; thus, this disclaimer may not apply to you.