8.3 / 10 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Description
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.
Basic Information
ID: CVE-2025-14272
Source: Rockwell
Published: Jun 16, 2026 at 13:51
Affected Product
Vendor: Rockwell Automation
Product: FactoryTalk Analytics PavilionX
Version: 7.0
Affected Versions
Rockwell Automation FactoryTalk Analytics PavilionX 7.0