CVE-2025-7329 HIGH

CVE-2025-7329: Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability

Vendor Rockwell Automation
Product Comms - 1783-NATR
Weakness CWE-79 · XSS
Published October 14, 2025
Last update October 14, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated

Related vulnerabilities

04Related CVE