PatchSiren cyber security CVE debrief
CVE-2025-14272 Rockwell Automation CVE debrief
CVE-2025-14272 is a HIGH-severity vulnerability (CVSS score 8.3) in Rockwell Automation FactoryTalk Analytics PavilionX; the underlying CVE record itself names the vendor as 'Unknown Vendor' (see Evidence notes). Improper authorization enforcement in API endpoints may allow unauthorized actors to execute privileged operations, including user and role management. The CVE was published on 2026-06-16T15:16:33.000Z and last modified on 2026-06-16T15:26:04.250Z.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk Analytics PavilionX
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Security teams and administrators responsible for FactoryTalk Analytics PavilionX deployments, and for the networks and identity systems that front its API, should track this vulnerability and plan mitigation.
Technical summary
The vulnerability is caused by improper authorization enforcement in API endpoints: the endpoints do not adequately verify that the calling principal is entitled to the requested operation, so an unauthorized actor may be able to execute privileged operations, including user and role management and other administrative actions. The practical point is that a successful login is not the gate; each administrative endpoint must enforce its own authorization check.
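The pattern behind this class of bug, shown as an added example written for this debrief. It is not code from FactoryTalk Analytics PavilionX or Rockwell Automation and makes no claim about how that product's API is built; the user store, the `set_role_*` handlers and the role names are hypothetical. The vulnerable handler checks only that the caller is authenticated, so any logged-in account can grant itself the admin role; the hardened handler wraps the same logic in a deny-by-default role check.

```python
"""Missing authorization on an administrative API endpoint: vulnerable vs hardened.

Example code for this debrief, not the product's own code. USERS, Request,
Response and the set_role_* handlers are hypothetical stand-ins.
"""
from dataclasses import dataclass, field
from functools import wraps
from typing import Optional

# Constructed in-memory user store: username -> set of roles.
USERS = {}

def reset_users():
    """Restore the constructed store so each run starts from a known state."""
    USERS.clear()
    USERS.update({"admin": {"admin"}, "operator": {"operator"}, "viewer": {"viewer"}})

reset_users()

@dataclass
class Request:
    principal: Optional[str]        # authenticated username, or None if anonymous
    body: dict = field(default_factory=dict)

@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)

def _authenticated(req: Request) -> bool:
    return req.principal is not None and req.principal in USERS

# --- Vulnerable pattern: authentication is checked, authorization is not ---
def set_role_vulnerable(req: Request) -> Response:
    """Any logged-in user can grant any role to any account."""
    if not _authenticated(req):
        return Response(401, {"error": "login required"})
    target, role = req.body["user"], req.body["role"]
    USERS.setdefault(target, set()).add(role)
    return Response(200, {"user": target, "roles": sorted(USERS[target])})

# --- Hardened pattern: explicit, deny-by-default role check on the endpoint ---
def require_role(*allowed: str):
    def decorator(handler):
        @wraps(handler)
        def wrapper(req: Request) -> Response:
            if not _authenticated(req):
                return Response(401, {"error": "login required"})
            if USERS[req.principal].isdisjoint(allowed):
                # Fail closed: the caller is known but not entitled to this endpoint.
                return Response(403, {"error": "forbidden"})
            return handler(req)
        return wrapper
    return decorator

@require_role("admin")
def set_role_hardened(req: Request) -> Response:
    """Same operation, reachable only by principals holding the admin role."""
    target, role = req.body["user"], req.body["role"]
    USERS.setdefault(target, set()).add(role)
    return Response(200, {"user": target, "roles": sorted(USERS[target])})

if __name__ == "__main__":
    escalate = Request("viewer", {"user": "viewer", "role": "admin"})
    print("vulnerable:", set_role_vulnerable(escalate))   # 200: viewer is now admin
    reset_users()
    print("hardened:  ", set_role_hardened(escalate))     # 403: denied
    print("admin:     ", set_role_hardened(Request("admin", {"user": "operator", "role": "admin"})))
```

The decorator is the part worth copying: every privileged endpoint declares the roles it accepts, and anything not explicitly allowed is refused before the handler body runs.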
Defensive priority
HIGH
Recommended defensive actions
- Apply the vendor's patch or update as soon as it is available.
- Monitor the API for suspicious activity, in particular writes to user and role management endpoints by principals that should not hold administrative rights, by unauthenticated callers, or from unexpected source addresses.
- Restrict network and account access to the API endpoints to authorized personnel and management networks only.
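An added example of the monitoring step, written for this debrief and not a Rockwell Automation tool: a detection pass over API access logs that flags privileged writes to user and role endpoints by non-admin or unauthenticated principals, or from outside the management network. The log line format, the endpoint paths, the admin principal list and the management network are constructed assumptions; adapt them to the real product's logs.

```python
"""Detection over constructed API access logs for admin-endpoint abuse.

Example code for this debrief. The log format, paths, roles and network are
assumptions, not facts about FactoryTalk Analytics PavilionX.
"""
import ipaddress
import re
from typing import Dict, List

# Assumed: administrative paths that only admins should write to.
ADMIN_PATHS = re.compile(r"^/api/(users|roles)(/|$)")
# Assumed: the only network from which administration is expected.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")
# Assumed: principals that legitimately hold the admin role.
ADMIN_PRINCIPALS = {"admin"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed log line shape: <ts> <src_ip> <principal or -> <method> <path> <status>
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def analyze(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per privileged write that trips at least one rule."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not ADMIN_PATHS.match(m["path"]):
            continue
        if m["method"] not in WRITE_METHODS:
            continue  # reads are noisy; privileged writes are the concern here
        reasons = []
        if m["user"] == "-":
            reasons.append("unauthenticated")
        elif m["user"] not in ADMIN_PRINCIPALS:
            reasons.append("non-admin principal")
        try:
            if ipaddress.ip_address(m["ip"]) not in MGMT_NET:
                reasons.append("outside management network")
        except ValueError:
            reasons.append("unparseable source address")
        if reasons:
            findings.append({
                "ts": m["ts"], "ip": m["ip"], "user": m["user"], "path": m["path"],
                # A 2xx on a flagged write is the high-value event; a 4xx is an attempt.
                "succeeded": m["status"].startswith("2"),
                "why": "; ".join(reasons),
            })
    return findings

SAMPLE = [  # constructed sample log lines
    "2026-06-16T10:00:01Z 10.10.0.5 admin POST /api/roles 200",
    "2026-06-16T10:00:07Z 10.10.0.7 operator GET /api/users 200",
    "2026-06-16T10:01:12Z 192.0.2.44 operator PUT /api/users/7/roles 200",
    "2026-06-16T10:01:15Z 192.0.2.44 - POST /api/users 403",
    "2026-06-16T10:01:20Z 192.0.2.44 - POST /api/users 201",
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

Run against the sample, the admin's write from the management network produces nothing, the operator's read is ignored, and the three remaining lines are reported; the last one (an unauthenticated POST that returned 201) is the event that would indicate the authorization gap is being exploited.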
Evidence notes
The CVE record itself lists the vendor as 'Unknown Vendor'; the stored evidence points to Rockwell Automation and the FactoryTalk Analytics PavilionX product, which is the attribution used in this debrief.
Official resources
- CVE-2025-14272 CVE record (CVE.org)
- CVE-2025-14272 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: CVE-2025-14272 published 2026-06-16T15:16:33.000Z, last modified 2026-06-16T15:26:04.250Z