12 matches found
EUVD-2025-27249
Malicious code in bioql PyPI...
CVE-2025-9065
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...
Rockwell Automation ThinManager Server-Side Request Forgery Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A server-side request forgery vulnerability exists in Rockwell Automation ThinManager, which stems from...
CVE-2025-9065
CVE-2025-9065 affects Rockwell Automation ThinManager®. Description: a server-side request forgery due to insufficient input sanitization allows authenticated attackers to specify external SMB paths, exposing the ThinServer service account NTLM hash. Documents consistently describe ThinManager SS...
CVE-2025-9065 Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...
Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-3618
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software...
CVE-2025-3618
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software...
CVE-2025-3617
CVE-2025-3617 concerns the Rockwell Automation ThinManager product. The public materials describe a local privilege-escalation issue caused during startup when files in the temporary folder are deleted, causing the directory’s Access Control Entry to inherit permissions from the parent directory,...
CVE-2025-3617 Local Privilege Escalation in ThinManager®
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit...
Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
PT-2024-8118 · Rockwell Automation · ThinManager ThinServer
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager ThinServer versions 11.1.0 through 11.1.7; Rockwell Automation ThinManager ThinServer versions 11.2.x; Rockwell Automation ThinManager ThinServer versions 12.x; Rockwell Automation ThinManager ThinServer versions...