CVE-2025-14272

N/A

View CSAF Summary Successful exploitation of this vulnerability could result in an attacker executing privileged operations. The following versions of Rockwell Automation FactoryTalk Analytics Pavi...

Affects 0 products across 1 vendor.

CVSS v48.3
EPSS0.2%
Percentile14th
PatchUnknown
CWE Weakness Definitions
CWE-862: Missing Authorization

Software does not check whether an authenticated actor has permission for the requested operation.

◆ SAGE Intelligence — CITED Relevance Research Team

Rockwell Automation FactoryTalk Analytics PavilionX versions prior to 7.01 contain a Missing Authorization vulnerability (CVE-2025-14272, CVSS 7.0) that allows an attacker to execute privileged operations without proper authorization checks. An authenticated or potentially unauthenticated attacker could leverage this flaw to perform administrative actions within the analytics platform, potentially manipulating process data, altering analytics models, or pivoting to connected OT systems. In OT environments, this poses significant risk as PavilionX is deployed in critical manufacturing sectors where unauthorized privileged access could disrupt process optimization and monitoring.

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2025-14272?
Rockwell Automation FactoryTalk Analytics PavilionX versions prior to 7.01 contain a Missing Authorization vulnerability (CVE-2025-14272, CVSS 7.0) that allows an attacker to execute privileged operations without proper authorization checks. An authenticated or potentially unauthenticated attacker could leverage this flaw to perform administrative actions within the analytics platform, potentially manipulating process data, altering analytics models, or pivoting to connected OT systems. In OT en
Is CVE-2025-14272 actively exploited?
No confirmed active exploitation of CVE-2025-14272 as of 2026-06-24.
How do I remediate CVE-2025-14272?
Update to 7.01 or later. FactoryTalk Analytics PavilionX version 7.01 remediates CVE-2025-14272 by implementing proper authorization controls on privileged operations that were previously accessible without adequate permission verification, preventing unauthorized execution of elevated functions within the analytics platform. Advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1730.html
What systems are affected by CVE-2025-14272?
CVE-2025-14272 affects: Rockwell Automation.
Vulnerability Details
CVE IDCVE-2025-14272
Published2026-06-16
Last Modified2026-06-16
ICS Relevance80%
Weakness (CWE)
SourceNVD
Official Description

View CSAF Summary Successful exploitation of this vulnerability could result in an attacker executing privileged operations. The following versions of Rockwell Automation FactoryTalk Analytics PavilionX are affected: FactoryTalk Analytics PavilionX <7.01 (CVE-2025-14272) CVSS Vendor Equipment Vulnerabilities v3 7 Rockwell Automation Rockwell Automation FactoryTalk Analytics PavilionX Missing Authorization Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed

Source: NIST NVD / MITRE CVE Database

Affected Products
VendorProductFixed Version
Rockwell Automation &mdash;
Remediation

Fixed Version: 7.01

FactoryTalk Analytics PavilionX version 7.01 remediates CVE-2025-14272 by implementing proper authorization controls on privileged operations that were previously accessible without adequate permission verification, preventing unauthorized execution of elevated functions within the analytics platform.

View Vendor Advisory →
Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 26 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed
● Virtual Patch — CITED Relevance SAGE Engine LOW CONFIDENCE

Deploy IDS/IPS rules at the network perimeter and OT DMZ boundary to detect and alert on high-frequency or anomalous POST requests targeting PavilionX API endpoints, particularly those invoking administrative or privileged paths. Block all access to PavilionX HTTP/HTTPS management interfaces from untrusted network segments and enforce IP allowlisting at the firewall. Monitor for lateral movement from PavilionX servers toward PLCs or historians.

No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.

Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.

Related CVEs affecting Rockwell Automation
CVE-2017-16740 10.0 A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley M... CVE-2012-4715 10.0 Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise C... CVE-2009-3739 10.0 Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix... CVE-2016-9343 10.0 An issue was discovered in Rockwell Automation Logix5000 Programmable Automat... CVE-2020-14516 10.0 In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.1...
View all Rockwell Automation CVEs →

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →