216.73.217.22

CVE-2025-7328

· Published 14/10/2025 13:15 · Modified 14/10/2025 19:36

Labels: CVE-2025-7328 2025-10-14CVE-2025-7328CWE-306[email protected]

Essential information

Published
14/10/2025 13:15
Modified
14/10/2025 19:36
Author
Creator
CVSS
9.9 CRITICAL (v3) 9.9 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
rockwellautomation / * cpe:2.3:a:rockwellautomation:*:*:*:*:*:*:*:*:*

References