CVE-2025-7328 CRITICAL

CVE-2025-7328: Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities

Vendor Rockwell Automation
Product Comms - 1783-NATR
Weakness CWE-306 · Missing auth
Published October 14, 2025
Last update October 14, 2025

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated