What is CVE-2025-0498?

A high-severity data exposure vulnerability affects Rockwell Automation FactoryTalk® AssetCentre prior to version V15.00.001. Organizations must address this issue to prevent potential user impersonation attacks.

What is the severity of CVE-2025-0498?

CVE-2025-0498 has a severity rating of HIGH with a CVSS base score of 7.

CVE-2025-0498 | High Vulnerability in Rockwell Automation FactoryTalk® AssetCentre

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user. The CVSS score for this vulnerability is 7, categorized as high severity, indicating a significant risk.

This vulnerability allows attackers to exploit systems and potentially gain unauthorized access to sensitive information. Risk to organizations includes the possibility of user impersonation, which can lead to further exploitation or data breaches. Therefore, organizations should prioritize patching immediately.

Currently, there are no known exploits or public proof-of-concept (PoC) available. However, given the nature of the vulnerability and its potential impact, it remains critical for organizations to assess their exposure and take preventive measures.

Organizations using Rockwell Automation FactoryTalk® AssetCentre must schedule remediation for this vulnerability to mitigate associated risks.

Vulnerability Details

The vulnerability is classified under CWE-522, indicating a data exposure issue. The CVSS v4.0 base score of 7 signifies a high severity level, with the attack vector being local, and a low attack complexity. The confidentiality, integrity, and availability impacts are all rated high, which underscores the critical nature of the vulnerability.

The affected product is Rockwell Automation FactoryTalk® AssetCentre, and the vulnerability was published on January 30, 2025. Users are urged to apply the latest patches to secure their systems.

Technical Analysis

The root cause of this vulnerability is the insecure storage of user tokens. Attackers may leverage this vulnerability by exploiting the weak storage mechanism to steal user tokens. The attack vector is local, and the attack complexity is low, requiring only low privileges and passive user interaction. The potential impacts on confidentiality, integrity, and availability are significant, as all are rated high.

Risk & Impact Analysis

The real-world deployment risk is substantial, given the ability for attackers to impersonate legitimate users, potentially leading to unauthorized access to sensitive data. The blast radius may include various systems and users relying on FactoryTalk® AssetCentre for secure operations. The urgency for organizations to address this vulnerability is high, given its CVSS score of 7 and the absence of known mitigation measures.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre are affected by this vulnerability. Organizations must ensure their systems are updated to this version or later.

Mitigation & Remediation

Organizations should prioritize patching immediately. Upgrade to version V15.00.001 or later to remediate this vulnerability. If a patch is not immediately available, consider implementing configuration hardening and network controls to limit exposure. For guidance on effective remediation strategies, refer to the penetration testing services that can help identify and address vulnerabilities.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual access patterns, specifically regarding user token access. Behavioral anomalies in user activity may indicate an ongoing attack. Additionally, network signatures related to unauthorized access attempts should be closely observed.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing challenges organizations face in securing user authentication mechanisms. It serves as a reminder of the importance of secure token storage and the need for regular security assessments. Security teams should learn from this incident to enhance their defensive strategies, particularly by investing in vulnerability management programs and continuous monitoring practices. For additional insights, explore resources on penetration testing methodology and the role of security testing best practices in identifying vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0498: High Vulnerability in Rockwell Automation FactoryTalk® AssetCentre