CVE-2025-7330
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-30
Assigner: Rockwell Automation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwellautomation | 1783-natr_firmware | to 1.007 (exc) |
| rockwellautomation | 1783-natr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7330 is a cross-site request forgery (CSRF) vulnerability caused by missing CSRF protections on certain forms in the affected product. This flaw allows an attacker to trick a logged-in administrator into executing unintended configuration changes by convincing them to visit a specially crafted link. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized configuration modifications if an attacker successfully tricks a logged-in admin into visiting a malicious link. Such unintended changes could compromise the security or functionality of the affected device or system, potentially disrupting operations or exposing sensitive configurations. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the affected Rockwell Automation 1783-NATR configurable NAT router software to version 1.007 or later, as these versions include the necessary fixes for CVE-2025-7330. Additionally, follow Rockwell Automation's security best practices to maintain a secure environment. No workarounds are provided. [1]