CNNVD-202511-1194 Information

Nov 11, 2025 cve

CNNVD ID

CNNVD-202511-1194

CVE-2025-11085

CNNVD Published: 2025-11-11

Description (Chinese)

Rockwell Automation FactoryTalk DataMosaix Private Cloud是美国罗克韦尔（Rockwell Automation）公司的一个工业数据平台产品。 Rockwell Automation FactoryTalk DataMosaix Private Cloud存在安全漏洞，该漏洞源于允许存储型跨站脚本攻击，可能导致执行恶意JavaScript代码，进而导致账户接管、凭据窃取或重定向到恶意网站。

Description (English)

Rockwell Automation ActoryTalk DataMosaix Private Cloud is an industrial data platform product of Rockwell Automation, United States. Lockwell Automation ActoryTalk DataMosaix Private Cloud has a security loophole, which stems from allowing storage-type cross-site script attacks, which may lead to the implementation of malicious JavaScript codes, leading to account take-over, theft on evidence or redirection to malicious websites.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

罗克韦尔

Published

2025-11-11

Last Modified

2026-02-24

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1758.html

Patch

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1758.html

Share on: