CVE-2025-9364

Published Sep 9, 2025

Last updated 6 months ago

CVSS high 8.7
Scada

Overview

Description
An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.
Source
PSIRT@rockwellautomation.com
NVD status
Analyzed
Products
factorytalk_analytics_logixai

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

PSIRT@rockwellautomation.com
CWE-497

Social media

Hype score
Not currently trending

  1. CVE-2025-9364 Redis Database Exposure Enabling Unauthorized Data Access and Modification https://t.co/foSjNA57eK

    @VulmonFeeds

    9 Sept 2025

    128 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-9364: HIGH] Security alert: Open database issue in product version due to over permissive Redis instance. Attackers may access sensitive data and alter information. #cybersecurity#cve,CVE-2025-9364,#cybersecurity https://t.co/taz7G2tGvs https://t.co/IMwE1cf0hx

    @CveFindCom

    9 Sept 2025

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-9364 An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on … https://t.co/KAsJR53dnn

    @CVEnew

    9 Sept 2025

    237 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-22553
  2. InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-21410
  3. FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.CVE-2026-25939
  4. FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.CVE-2026-25894
  5. ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.CVE-2020-37143

References

Sources include official advisories and independent security research.