How severe is CVE-2025-9065?

CVE-2025-9065 has a CVSS v3 score of 8.8 (HIGH).

CVE-2025-9065

Name: thinmanager
Author: rockwellautomation

8.8HIGH

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by sp

Опубликовано: 9/9/2025Обновлено: 10/20/2025

Описание

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.

ИИ-АнализНа базе ИИ

Затронутые продукты

rockwellautomationthinmanager

Ссылки

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html
Vendor Advisory