CVE-2025-7773 HIGH

CVE-2025-7773: Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities

Vendor Rockwell Automation
Product 5032-CFGB16M12P5DR
Weakness CWE-863 · Incorrect authorization
Published August 14, 2025
Last update August 14, 2025
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable.

Key dates

02Disclosure timeline

August 14, 2025 CVE published
August 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup CVE-2025-27933 Unauthorized Private-to-Public Channel Conversion CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding