What is CVE-2025-0477?

A critical encryption vulnerability affecting all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre could allow attackers to extract user passwords. Immediate patching is essential to mitigate risks.

What is the severity of CVE-2025-0477?

CVE-2025-0477 has a severity rating of CRITICAL with a CVSS base score of 9.3.

CVE-2025-0477 | Critical Vulnerability in Rockwell Automation FactoryTalk® AssetCentre

An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.

This vulnerability has been classified as critical with a CVSS score of 9.3. Organizations using affected versions must take this threat seriously, as the potential for password extraction poses significant risks.

Risk to organizations includes unauthorized access to sensitive information, system compromise, and potentially significant operational impacts. Organizations should prioritize patching immediately.

Currently, there is no known exploit for this vulnerability, but the critical nature of the flaw necessitates urgent attention from security teams.

Vulnerability Details

The vulnerability exists due to a weak encryption methodology within Rockwell Automation's FactoryTalk® AssetCentre, which allows attackers to potentially extract user passwords. The vulnerability is classified under CWE-522.

The CVSS score of 9.3 indicates a critical vulnerability, with high impacts on confidentiality, integrity, and availability. The vulnerability affects all versions prior to V15.00.001.

Published on January 30, 2025, this vulnerability has been analyzed and requires immediate remediation.

Technical Analysis

The root cause of this vulnerability lies in the implementation of weak encryption methods, which fail to adequately protect sensitive user credentials. Attackers may leverage this weakness through network access, as there are no privileges required, and no user interaction needed.

With low attack complexity, this vulnerability poses a significant threat, especially when combined with the high impact on confidentiality, integrity, and availability.

Risk & Impact Analysis

In real-world deployments, the risk associated with this vulnerability is substantial. The potential for unauthorized access to user credentials could lead to a broader compromise of systems and data.

Organizations must assess their exposure and prioritize remediation efforts. Given the critical CVSS score, this vulnerability should be addressed as a top priority in patch cycles.

The potential blast radius is large, affecting all users of the application, which could lead to significant financial and reputational damage.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre are affected by this vulnerability. Organizations are urged to verify their versions against this criterion to assess their risk.

Mitigation & Remediation

Rockwell Automation recommends upgrading to version V15.00.001 or later to mitigate this vulnerability. If patching is not immediately feasible, organizations should consider applying configuration hardening measures to protect sensitive data.

Organizations may also explore additional security measures such as network segmentation and monitoring to mitigate risks until a patch is applied. For further guidance, organizations should refer to best practices in penetration testing and security assessments.

Detection Guidance

Organizations should monitor logs for any unusual access attempts or modifications to user accounts. Behavioral anomalies may indicate attempts to exploit this vulnerability.

Additionally, monitoring network traffic for patterns consistent with credential scraping or unauthorized access attempts can assist in early detection.

AppSecure Threat Intelligence Insight

This vulnerability highlights the critical importance of secure encryption practices in application development. As organizations increasingly rely on digital solutions, the need for robust security measures becomes paramount.

Security teams should regularly review their encryption methodologies and assess their resilience against emerging threats. To further enhance security posture, organizations should consider adopting comprehensive application security assessments and vulnerability management programs.

Moreover, organizations should stay informed about vulnerabilities affecting their technology stack and implement proactive measures to mitigate associated risks, such as engaging in continuous penetration testing strategies to identify and address weaknesses before they are exploited.

Engaging in these practices not only enhances security but also builds a culture of security awareness within the organization.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0477: Critical Vulnerability in Rockwell Automation FactoryTalk® AssetCentre