A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.
Fixes

Solution

Upgrade to version 6.50 or later.


Workaround

No workaround given by the vendor.

History

Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation factorytalk Linx
Vendors & Products Rockwellautomation
Rockwellautomation factorytalk Linx

Thu, 14 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
Description A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.
Title Rockwell Automation FactoryTalk® Linx Network Browser Security Bypass Vulnerability
Weaknesses CWE-286
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2025-08-14T15:08:22.952Z

Reserved: 2025-07-21T19:25:20.271Z

Link: CVE-2025-7972

cve-icon Vulnrichment

Updated: 2025-08-14T15:06:48.813Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-14T15:15:42.413

Modified: 2025-08-15T13:12:51.217

Link: CVE-2025-7972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-16T21:41:14Z