CVE-2025-9036

Vulnerability Description

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection.

Related Weaknesses (CWE)

CWE-200

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/adviso

FAQ

What is CVE-2025-9036?

CVE-2025-9036 is a documented vulnerability. A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client l...

How severe is CVE-2025-9036?

CVSS scoring is not yet available for CVE-2025-9036. Check NVD for updates.

Is there a patch for CVE-2025-9036?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.