ICSA-25-189-01 · Published 2025-07-08 · View on CISA ICS-CERT ↗

Emerson ValveLink Products

CVSS 9.4 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker with access to the system to read sensitive information stored in cleartext, tamper with parameters, and run un-authorized code.

CVEs (5)

CVE-2025-52579 CVE-2025-50109 CVE-2025-46358 CVE-2025-48496 CVE-2025-53471

Remediations

Emerson recommends users update their Valvelink software to ValveLink 14.0 or later. The upgrade can be downloaded from the Emerson website.
For more information see the associated Emerson security notification.

Affected Vendors

Emerson

Affected Products (4)

Emerson · ValveLink SOLO <ValveLink_14.0

Emerson · ValveLink DTM <ValveLink_14.0

Emerson · ValveLink PRM <ValveLink_14.0

Emerson · ValveLink SNAP-ON <ValveLink_14.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more