CVE-2025-9067: 
FactoryTalk Linx (RSLinx Enterprise) vulnerability analysis and mitigation

A security vulnerability (CVE-2025-9067) was discovered in the x86 Microsoft Installer File (MSI) installed with FactoryTalk Linx. The vulnerability was identified on October 14, 2025, affecting FactoryTalk Linx version 6.40 and prior versions. This privilege escalation vulnerability allows authenticated attackers with valid Windows user credentials to gain SYSTEM-level privileges through MSI repair functionality (Rockwell Advisory).

The vulnerability exists within the x86 Microsoft Installer File (MSI) repair functionality. When an authenticated user initiates a repair process, they can hijack the resulting console window, which allows launching a command prompt with SYSTEM-level privileges. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 and CVSS v4.0 Base Score of 8.5, categorized under CWE-268: Privilege Chaining (Rockwell Advisory, Daily CyberSecurity).

Successful exploitation of this vulnerability allows attackers to gain full access to all files, processes, and system resources with SYSTEM-level privileges. This level of access provides complete control over the affected system, potentially compromising the entire industrial automation environment (Rockwell Advisory).

Rockwell Automation recommends upgrading to FactoryTalk Linx version 6.50 or later to address this vulnerability. For customers unable to upgrade immediately, installing the Microsoft patch addressing the MSI issue is recommended. Additionally, following standard industrial security best practices is advised (Rockwell Advisory).