PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-0659 Rockwell Automation CVE debrief

Rockwell Automation DataMosaix Private Cloud contains a path traversal vulnerability that can let an authenticated administrator overwrite files outside the intended directory. According to the CISA advisory, the issue affects DataEdgePlatform DataMosaix Private Cloud versions up to 7.11 and is addressed in v7.11.01. The reported impact is primarily integrity-related, including the potential to overwrite reports and user project content.

Vendor: Rockwell Automation
Product: DataEdgePlatform DataMosaix Private Cloud
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-01-28
Original CVE updated: 2025-01-28
Advisory published: 2025-01-28
Advisory updated: 2025-01-28

Who should care

Rockwell Automation DataMosaix Private Cloud operators, OT/ICS administrators, and security teams responsible for industrial automation environments should prioritize this advisory, especially where administrative access is delegated or broadly available.

Technical summary

CISA’s CSAF advisory (ICSA-25-028-05) describes a path traversal issue in DataMosaix Private Cloud. By supplying a specific character sequence in the body of the vulnerable endpoint, a threat actor with admin privileges could overwrite files outside the intended directory. The affected product entry lists Rockwell Automation DataEdgePlatform DataMosaix Private Cloud <= 7.11, and Rockwell Automation states the issue is fixed in v7.11.01.

Defensive priority

Medium. The vulnerability requires admin privileges, but it enables unauthorized file overwrites in an industrial software product and is already publicly documented with a vendor fix available.

Recommended defensive actions

  • Upgrade Rockwell Automation DataEdgePlatform DataMosaix Private Cloud to v7.11.01 or the newest available version.
  • Restrict and review administrative access to the platform, since exploitation requires admin privileges.
  • Apply Rockwell Automation’s published security best practices for industrial automation control systems.
  • Use CISA’s ICS recommended practices to harden related OT/ICS environments.
  • Review file-integrity and application logs for unexpected overwrites in reports or user project locations.
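
One way to carry out the file-integrity review in the last item, as an added example that is not from the CISA advisory or Rockwell Automation: hash the report and project storage while it is known-good, then flag any path whose content later differs. The directory names `reports` and `projects` and the sample files are constructed assumptions; the real storage locations are not given in the advisory.

```python
import hashlib
import os
import tempfile

def snapshot(roots):
    """Map every file under the given roots to its SHA-256 digest."""
    manifest = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                manifest[path] = digest.hexdigest()
    return manifest

def compare(baseline, current):
    """Classify drift; 'overwritten' means same path, different content."""
    return {
        "overwritten": sorted(p for p in baseline
                              if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Run the check on a constructed tree; directory names are assumptions."""
    with tempfile.TemporaryDirectory() as base:
        roots = [os.path.join(base, d) for d in ("reports", "projects")]
        for root in roots:
            os.makedirs(root)
        sample = {"reports/q1.csv": b"total,42\n", "projects/line1.json": b"{}"}
        for rel, data in sample.items():
            with open(os.path.join(base, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(roots)          # taken while state is known-good
        with open(os.path.join(base, "reports/q1.csv"), "wb") as fh:
            fh.write(b"total,0\n")          # simulated unexpected overwrite
        with open(os.path.join(base, "projects/new.json"), "wb") as fh:
            fh.write(b"[]")
        drift = compare(baseline, snapshot(roots))
        return {k: [os.path.relpath(p, base) for p in v] for k, v in drift.items()}

if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest off the host being checked, since the flaw allows writes outside the intended directory and a locally stored baseline could itself be overwritten.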

Evidence notes

All claims are taken from the supplied CISA CSAF advisory and vendor remediation notes. The advisory was published and modified on 2025-01-28. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N with a CVSS score of 5.5 (Medium). No KEV listing or threat campaign is included in the provided enrichment.

Official resources

Publicly disclosed by CISA on 2025-01-28 in ICS Advisory ICSA-25-028-05; the supplied enrichment does not list a CISA KEV entry or known ransomware use.