CVE-2025-9068: 
FactoryTalk Linx (RSLinx Enterprise) vulnerability analysis and mitigation

CVE-2025-9068 is a privilege escalation vulnerability discovered in the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FactoryTalk Linx. The vulnerability was disclosed on October 14, 2025, affecting FactoryTalk Linx version 6.40 and prior versions (Rockwell Advisory).

The vulnerability exists within the MSI repair functionality of the Rockwell Automation Driver Package x64. When exploited, authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. The vulnerability is classified under CWE-269 (Improper Privilege Management) and has received a CVSS v4.0 Base Score of 8.5 HIGH (NVD, Rockwell Advisory).

Successful exploitation of this vulnerability allows attackers to launch a command prompt running with SYSTEM-level privileges, granting full access to all files, processes, and system resources on the affected system (Rockwell Advisory, Security Online).

Rockwell Automation recommends upgrading to FactoryTalk Linx version 6.50 or later to address this vulnerability. For customers unable to upgrade immediately, it is recommended to install the Microsoft patch addressing the MSI issue and follow standard security best practices (Rockwell Advisory).