Vulnerability in Rockwell Automation Flex 5000 I/o

CVE-2025-9042

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module retu…

EPSS: 0.003 (21.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-9042?
CVE-2025-9042 is a vulnerability in Rockwell Automation Flex 5000 I/o, classified under CWE-1287. Published 2025-08-14.
Is CVE-2025-9042 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.