CVE-2025-24482: FactoryTalk® View Site Edition - Local Code Injection
First published: Tue Jan 28 2025(Updated: )
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FactoryTalk View |
Remedy
Upgrade to V15 or apply patch. Answer ID 1152304
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-24482?
CVE-2025-24482 is considered a critical severity vulnerability due to its potential for local code execution.
How do I fix CVE-2025-24482?
To fix CVE-2025-24482, ensure that proper permissions are set to prevent the execution of DLLs with elevated permissions.
What software is affected by CVE-2025-24482?
CVE-2025-24482 specifically affects Rockwell Automation FactoryTalk View Site Edition.
When was CVE-2025-24482 disclosed?
CVE-2025-24482 was disclosed as part of ongoing security monitoring.
What are the implications of CVE-2025-24482?
The implications of CVE-2025-24482 include unauthorized execution of code, which could compromise system integrity and security.
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/rockwell automation
- canonical/factorytalk view