HomeRockwellautomationCVE-2025-7330

CVE-2025-7330

HIGH
7.0CVSS
Published: 2025-10-14
Updated: 2025-10-30
AI Analysis

Description

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.

CVSS Metrics

Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
network
Complexity
low
Privileges
none
User Action
active
Confidentiality
undefined
Integrity
undefined
Availability
undefined
Weaknesses
CWE-352

Metadata

Primary Vendor
ROCKWELLAUTOMATION
Published
10/14/2025
Last Modified
10/30/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

rockwellautomation : 1783-natr_firmware

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2025-7330 | HIGH Severity | CVEDatabase.com | CVEDatabase.com