CVE-2025-0659 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-0659 PUBLISHED CVSS 7 HIGH

A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects.

EPSS 0.09% · 25.3th percentile

Risk Scores

CVSS v4.0

7

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.09%

25.3th percentile

Affected Products

Vendor	Product	Versions
Rockwell Automation	DataEdgePlatform DataMosaix™ Private Cloud	<=7.11

Timeline

Jan 22, 2025 CVE ID Reserved
Jan 28, 2025 PoC Published
Jan 28, 2025 CVE Published
Jan 28, 2025 PoC Published
Jan 28, 2025 CVE Updated
Jan 28, 2025 PoC Published
Jan 29, 2025 EPSS Score
Feb 12, 2025 EPSS Score
Feb 17, 2025 Coalition ESS Score
Feb 27, 2025 EPSS Score
Mar 11, 2025 Coalition ESS Score
Mar 13, 2025 EPSS Score

References

Open in Interactive Console →