Platform
windows
Component
factorytalk-linx-driver-package
Fixed in
6.40.1
CVE-2025-9068 describes a privilege escalation vulnerability within the FactoryTalk Linx Driver Package. An attacker with valid Windows user credentials can exploit this flaw during the MSI repair process, hijacking the console window and executing commands with SYSTEM privileges. This vulnerability affects versions of the Driver Package up to and including 6.40, and a fix is available in version 6.40.1.
Successful exploitation of CVE-2025-9068 allows an attacker to achieve SYSTEM-level access to the affected machine. This grants them complete control over the system, including the ability to read, modify, and delete files, install malware, and compromise other connected systems. The attacker could potentially exfiltrate sensitive data, disrupt operations, or use the compromised system as a launchpad for further attacks within the network. The impact is significant due to the potential for widespread damage and data loss.
CVE-2025-9068 was publicly disclosed on 2025-10-14. The EPSS score is pending evaluation. Currently, there are no publicly available proof-of-concept exploits. This vulnerability is not yet listed on the CISA KEV catalog, but its potential for SYSTEM-level compromise warrants close monitoring.
Exploit Status
EPSS
0.01% (1% percentile)
CISA SSVC
The primary mitigation for CVE-2025-9068 is to upgrade the FactoryTalk Linx Driver Package to version 6.40.1 or later. If an immediate upgrade is not feasible, consider restricting access to the MSI repair functionality and closely monitoring user activity. While a direct workaround isn't available, implementing robust user access controls and regularly auditing system logs can help detect and prevent unauthorized attempts to exploit this vulnerability. After upgrading, verify the fix by attempting a repair installation and confirming that the console window cannot be hijacked.
Actualice FactoryTalk Linx a la versión más reciente proporcionada por Rockwell Automation. Consulte el aviso de seguridad SD1754 en el Centro de Confianza de Rockwell Automation para obtener más detalles e instrucciones específicas de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-9068 is a vulnerability allowing authenticated attackers to gain SYSTEM privileges during the MSI repair process of the FactoryTalk Linx Driver Package, potentially leading to full system control.
You are affected if you are using FactoryTalk Linx Driver Package versions 6.40 and prior. Upgrade to 6.40.1 or later to mitigate the risk.
Upgrade the FactoryTalk Linx Driver Package to version 6.40.1 or later. If immediate upgrade is not possible, restrict access to the MSI repair functionality.
Currently, there are no publicly known active exploitation campaigns, but the vulnerability's potential impact warrants vigilance.
Refer to the official Rockwell Automation security advisory for detailed information and updates regarding CVE-2025-9068.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.