CVE-2025-12807
Description
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Low-privileged users can perform SQL injection via exposed API endpoints in FactoryTalk DataMosaix Private Cloud, leading to sensitive database operations.
Vulnerability Overview
CVE-2025-12807 is an SQL injection vulnerability in Rockwell Automation's FactoryTalk DataMosaix Private Cloud, a customer-managed Industrial DataOps platform. The root cause is improper neutralization of special elements used in SQL commands (CWE-89) within exposed API endpoints [1]. This allows an attacker with low privileges to inject arbitrary SQL queries into backend database operations.
Attack Vector and Exploitation
The vulnerability is exploitable through the product's API endpoints, which are reachable by authenticated users holding only low privileges. No special network position or elevated permissions are required beyond a valid low-privilege account. The attacker places crafted SQL fragments in API request parameters; because the endpoint does not neutralize them before building the query, they are executed as part of the backend database command rather than treated as data.
Impact
Successful exploitation lets the attacker perform sensitive database operations, such as reading, modifying, or deleting data that their account is not authorized to touch. The CVSS 3.1 base score of 8.8 (High) reflects significant potential impact on confidentiality, integrity, and availability. The vulnerability was discovered internally during routine testing and is not listed in the CISA Known Exploited Vulnerabilities catalog.
Mitigation
Rockwell Automation has released corrected version 8.01.02 for affected versions 7.11, 8.00, and 8.01. Customers unable to upgrade immediately should follow security best practices, including restricting network access to the API endpoints and applying the principle of least privilege to the accounts that can reach them.
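The following is an added illustration of the mechanism described in the attack and mitigation sections above; it is not code from the DataMosaix product or from Rockwell Automation, and the endpoint name, table names, columns and sample rows are constructed assumptions. It contrasts a hypothetical search handler that concatenates a caller-supplied filter into SQL with a parameterized version of the same handler, and runs two payloads of the kind a low-privileged user could send: one that unbalances the owner scoping to read every row, and one that reads a second table through a UNION. The hardened handler keeps the owner scoping server-side and binds the filter as a parameter, so the same inputs return nothing.

```python
import sqlite3

# Constructed in-memory database standing in for an API's backend store.
# Table and column names are assumptions for this example only.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE datasets (id INTEGER PRIMARY KEY, owner TEXT, name TEXT);
        CREATE TABLE api_keys (user TEXT, secret TEXT);
        INSERT INTO datasets VALUES (1, 'alice', 'line1-telemetry');
        INSERT INTO datasets VALUES (2, 'bob',   'press-shop-oee');
        INSERT INTO datasets VALUES (3, 'bob',   'paint-line-energy');
        INSERT INTO api_keys VALUES ('admin', 'sk-admin-constructed');
    """)
    return conn


def search_datasets_vulnerable(conn, caller, name_filter):
    """Hypothetical endpoint handler (CWE-89 pattern): the caller-controlled
    filter is spliced into the statement text, so quote characters in it
    change the query's structure instead of being matched as data."""
    sql = ("SELECT id, owner, name FROM datasets "
           f"WHERE owner = '{caller}' AND name LIKE '%{name_filter}%'")
    return conn.execute(sql).fetchall()


def search_datasets_hardened(conn, caller, name_filter):
    """Same endpoint with the filter bound as a parameter. The owner scoping
    is fixed in the statement text and is decided server-side from the
    authenticated identity, so a low-privileged caller cannot widen it."""
    sql = ("SELECT id, owner, name FROM datasets "
           "WHERE owner = ? AND name LIKE ?")
    return conn.execute(sql, (caller, f"%{name_filter}%")).fetchall()


# Constructed payloads a low-privileged user ('alice') might send in the
# API's name filter. The trailing '--' comments out the rest of the template.
PAYLOAD_UNBALANCE_SCOPE = "' OR 1=1 --"
PAYLOAD_READ_OTHER_TABLE = "' UNION SELECT 0, user, secret FROM api_keys --"


def demo():
    """Run both handlers with a benign filter and with the two payloads.
    Returns the result sets keyed by handler and input so the outcome can
    be inspected or asserted on without relying on printed output."""
    conn = build_db()
    results = {}
    for label, handler in (("vulnerable", search_datasets_vulnerable),
                           ("hardened", search_datasets_hardened)):
        results[(label, "benign")] = handler(conn, "alice", "telemetry")
        results[(label, "unbalance")] = handler(conn, "alice", PAYLOAD_UNBALANCE_SCOPE)
        results[(label, "union")] = handler(conn, "alice", PAYLOAD_READ_OTHER_TABLE)
    return results


if __name__ == "__main__":
    for (handler, case), rows in demo().items():
        print(f"{handler:10s} {case:9s} -> {rows}")
```

With the benign filter both handlers return only alice's own row. The vulnerable handler returns all three dataset rows for the first payload (the injected OR defeats the `owner = 'alice'` clause) and leaks the api_keys row for the second; the hardened handler returns an empty list for both, because the payloads are only ever compared as a LIKE pattern. Note that parameterization removes the injection, while the server-side owner scoping is what enforces least privilege; both are needed, and neither substitutes for restricting which accounts can reach the endpoint at all.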
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.