CVE 8.7 HIGH

FactoryTalk® DataMosaix™ Private Cloud SQL Injection_CVE-2025-12807

December 9, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints.

AI Analysis

SQL injection vulnerability in FactoryTalk DataMosaix Private Cloud, allowing low-privileged users to perform sensitive database operations

Basic Information

ID CVE-2025-12807

Source Rockwell

Published Dec 9, 2025 at 13:56

Modified Dec 9, 2025 at 14:02

Affected Product

Vendor Rockwell Automation

Product FactoryTalk® DataMosaix™ Private Cloud

Version 7.11, 8.00, 8.01

Affected Versions Rockwell Automation FactoryTalk® DataMosaix™ Private Cloud 7.11, 8.00, 8.01

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Rockwell Automation

Product FactoryTalk DataMosaix Private Cloud

Version 7.11, 8.00, 8.01

References

www.rockwellautomation.com /en-us/trust-center/security-advisories/advisory.SD1765.html

{
    "lastseen": "",
    "description": "A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints.",
    "published": "2025-12-09T13:56:32.569Z",
    "modified": "2025-12-09T14:02:08.726Z",
    "type": "cve",
    "title": "FactoryTalk\u00ae DataMosaix\u2122 Private Cloud SQL Injection",
    "source": "Rockwell",
    "references": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1765.html",
    "id": "CVE-2025-12807",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Rockwell Automation FactoryTalk\u00ae DataMosaix\u2122 Private Cloud 7.11, 8.00, 8.01",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FactoryTalk\u00ae DataMosaix\u2122 Private Cloud",
    "version": "7.11, 8.00, 8.01",
    "vendor": "Rockwell Automation",
    "ai_description": "SQL injection vulnerability in FactoryTalk DataMosaix Private Cloud, allowing low-privileged users to perform sensitive database operations",
    "ai_severity": "High",
    "ai_vendor": "Rockwell Automation",
    "ai_product": "FactoryTalk DataMosaix Private Cloud",
    "ai_version": "7.11, 8.00, 8.01",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply