cbcvebase.
CVE-2025-7328
published 2025-10-14

CVE-2025-7328: Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical…

PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.5th percentile
Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

Affected

2 ranges
VendorProductVersion rangeFixed in
rockwell_automationcomms_1783-natr
rockwellautomation1783-natr_firmware< 1.0071.007

Detection & IOCsextracted from sources · hover to see the quote

  • Target device: Rockwell Automation 1783-NATR running firmware version 1.006 or prior is vulnerable to unauthenticated access to critical functions (missing authentication checks), enabling denial-of-service, admin account takeover, or NAT rule modification.
  • CVE-2025-7328 is remotely exploitable with no authentication, no user interaction, and low attack complexity (CVSS v3 10.0, AV:N/AC:L/PR:N/UI:N). Monitor for unauthenticated HTTP requests to administrative/configuration endpoints on 1783-NATR devices.
  • Alert on unexpected NAT rule changes or admin credential modifications on 1783-NATR devices, which may indicate exploitation of the missing authentication vulnerability.
  • Affected version scope: 1783-NATR firmware version 1.006 and prior. Devices running version 1.007 or later are patched.
  • ·No known public exploitation has been reported at time of advisory publication. Threat intelligence on active exploitation is currently absent.
  • ·Exploitation of the denial-of-service or NAT rule modification vectors causes devices to stop communicating through the NATR, which may be observable as a network-level outage rather than a traditional security alert.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.9CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.