CVE-2025-7972
CRITICALDescription
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| rockwellautomation | factorytalk_linx |
References
Frequently Asked Questions
What is CVE-2025-7972? +
How severe is CVE-2025-7972? +
What products are affected by CVE-2025-7972? +
How do I check if I'm vulnerable to CVE-2025-7972? +
Related Vulnerabilities
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened …
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as …
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during …
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use …
Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within …