CVE-2025-7330
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-30

Assigner: Rockwell Automation

Description
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-7330
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rockwellautomation 1783-natr_firmware to 1.007 (exc)
rockwellautomation 1783-natr *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-7330 is a cross-site request forgery (CSRF) vulnerability caused by missing CSRF protections on certain forms in the affected product. This flaw allows an attacker to trick a logged-in administrator into executing unintended configuration changes by convincing them to visit a specially crafted link. [1]

Impact Analysis

This vulnerability can lead to unauthorized configuration modifications if an attacker successfully tricks a logged-in admin into visiting a malicious link. Such unintended changes could compromise the security or functionality of the affected device or system, potentially disrupting operations or exposing sensitive configurations. [1]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the affected Rockwell Automation 1783-NATR configurable NAT router software to version 1.007 or later, as these versions include the necessary fixes for CVE-2025-7330. Additionally, follow Rockwell Automation's security best practices to maintain a secure environment. No workarounds are provided. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart