VDB
CVE-2025-0659
CVE-2025-0659
PUBLISHED
CVSS 7 HIGH
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects.
EPSS 0.09% · 25.4th percentile
Risk Scores
CVSS 4.0
7
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.09%
25.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | DataEdgePlatform DataMosaix™ Private Cloud | * |
Exploit Intelligence
- CIRCL seen: CVE-2025-0659 (circl-sighting)
- CIRCL seen: CVE-2025-0659 (circl-sighting)
- CIRCL seen: CVE-2025-0659 (circl-sighting)
- CIRCL seen: CVE-2025-0659 (circl-sighting)
- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1715.html (circl)
Timeline
- Jan 22, 2025 CVE ID Reserved
- Jan 28, 2025 PoC Published
- Jan 28, 2025 CVE Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 CVE Updated
- Jan 28, 2025 PoC Published
- Jan 29, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Feb 17, 2025 Coalition ESS Score
- Feb 28, 2025 EPSS Score
- Mar 11, 2025 Coalition ESS Score
- Mar 15, 2025 EPSS Score