CVE-2025-24482
Description
CVE-2025-24482: Local code injection in Rockwell Automation FactoryTalk View SE due to incorrect default permissions, allowing DLL execution with higher privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-24482 is a local code injection vulnerability in Rockwell Automation's FactoryTalk View SE. The vulnerability stems from incorrect default permissions assigned to the software, which allows an attacker to execute dynamic-link libraries (DLLs) with elevated privileges. This issue affects versions prior to V15.0, with patches available for V12, V13, and V14 as specified by Answer ID 1152304 [1].
To exploit this vulnerability, an attacker requires local access to the affected system. No authentication is needed, and the attack complexity is low. The attack vector is local, which means the attacker must have physical or remote interactive access to the workstation. Once exploited, the attacker can execute arbitrary code via DLL injection with higher-level permissions, potentially leading to privilege escalation [1].
The impact of successful exploitation includes partial loss of confidentiality and integrity, as well as a high impact on availability. The CVSS 3.1 base score is 7.3 (High), with a vector of AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H. The vulnerability is classified under CWE-94: Improper Control of Generation of Code ('Code Injection'). It is not listed in the Known Exploited Vulnerabilities (KEV) database [1].
Rockwell Automation recommends upgrading to V15.0 or applying the corresponding patch for the appropriate version (Answer ID 1152304). Additionally, limiting physical access to workstations and network access may reduce the risk. This vulnerability has been addressed in corrected software versions, and no workarounds beyond these mitigations have been provided [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References