CISA has issued an advisory that Rockwell Automation’s FactoryTalk Analytics PavilionX is vulnerable to unauthorized API access.
The vulnerability, tracked as CVE‑2025‑14272, affects PavilionX versions earlier than 7.01. It stems from missing authorization checks on API endpoints: an actor who can reach the API can perform privileged actions such as user and role management without authenticating first. Rockwell's SD1777 advisory directs customers to update to version 7.01 or later, which is available from the company's download center. No public exploitation has been reported, but the CVSS scores reported for the flaw, ranging from 7.0 to 8.3, place it in the high-severity band.
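The bug class described above, a privileged endpoint that never asks who is calling, is easy to show in miniature. The following is an added illustration written for this page, not Rockwell's or PavilionX's code; the endpoint path, role names, tokens and user table are invented. It contrasts a handler that trusts the request body with a deny-by-default router in which every route must declare the role it requires, so a forgotten check cannot recur.

```python
"""Added example (not PavilionX code): a user/role management endpoint with a
missing authorization check, next to a deny-by-default hardened version.
All endpoint names, roles, tokens and users below are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Request:
    path: str
    token: Optional[str] = None            # bearer token; None means anonymous
    body: Dict[str, str] = field(default_factory=dict)


# Constructed session table: token -> (username, role).
SESSIONS: Dict[str, Tuple[str, str]] = {
    "tok-alice": ("alice", "admin"),
    "tok-bob": ("bob", "viewer"),
}
VALID_ROLES = {"admin", "engineer", "viewer"}


def fresh_users() -> Dict[str, str]:
    """Constructed user table, copied so every call starts from the same state."""
    return {"alice": "admin", "bob": "viewer"}


# ---- vulnerable: the handler trusts the body and never checks the caller ----
def vulnerable_set_role(req: Request, users: Dict[str, str]) -> str:
    users[req.body["user"]] = req.body["role"]   # anonymous caller can do this
    return "ok"


# ---- hardened: one central check, applied to every route, deny by default ----
Handler = Callable[[Request, Dict[str, str]], str]


class Router:
    """Registration requires a role, so an unchecked endpoint cannot exist."""

    def __init__(self) -> None:
        self._routes: Dict[str, Tuple[str, Handler]] = {}

    def route(self, path: str, *, role: str):
        if role not in VALID_ROLES:
            raise ValueError(f"unknown role {role!r}")

        def register(handler: Handler) -> Handler:
            self._routes[path] = (role, handler)
            return handler
        return register

    def dispatch(self, req: Request, users: Dict[str, str]) -> str:
        if req.path not in self._routes:
            return "404"
        required, handler = self._routes[req.path]
        principal = SESSIONS.get(req.token) if req.token else None
        if principal is None:
            return "401"                   # authenticate before anything else
        if principal[1] != required:
            return "403"                   # then authorize against the route
        return handler(req, users)


router = Router()


@router.route("/api/users/role", role="admin")
def hardened_set_role(req: Request, users: Dict[str, str]) -> str:
    user, role = req.body.get("user"), req.body.get("role")
    if user not in users or role not in VALID_ROLES:
        return "400"                       # validate input even for admins
    users[user] = role
    return "ok"


def replay_escalation() -> Dict[str, str]:
    """Replay one anonymous privilege-escalation request against both handlers
    and report the status plus bob's resulting role for each."""
    attack = Request("/api/users/role", token=None,
                     body={"user": "bob", "role": "admin"})
    results: Dict[str, str] = {}
    users = fresh_users()
    results["vulnerable"] = vulnerable_set_role(attack, users) + ":" + users["bob"]
    users = fresh_users()
    results["hardened"] = router.dispatch(attack, users) + ":" + users["bob"]
    return results


if __name__ == "__main__":
    print(replay_escalation())  # {'vulnerable': 'ok:admin', 'hardened': '401:viewer'}
```

The point of the `Router` is structural: the check lives in `dispatch`, not in each handler, and `route()` has no default for `role`, so a developer adding a new endpoint is forced to state who may call it. Input validation in the handler is still needed, since an authorized admin can still send a malformed body.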
The flaw matters because PavilionX sits in the data pipeline of many manufacturing control systems. An attacker who can create accounts or grant roles through the unprotected API could alter monitoring configurations or disrupt production schedules, extending risk from IT networks into the plant floor. Updating now closes the hole before threat actors develop exploits.
As with most industrial‑control vulnerabilities, the real protection comes from keeping the software current and isolating control networks behind firewalls, so that the PavilionX API is not reachable from the internet or from untrusted business networks even while a patch is pending.