Description
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
Vulnerable configurations
Configuration 1: versions from 13.0.0 (inclusive) to 14.0.0 (inclusive)
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
EPSS
Percentile: 2%
0.00015
Low
8.8 High
CVSS3
Weaknesses
CWE-610
CWE-918
Related vulnerabilities
CVSS3: 8.8
github
5 months ago
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.