CVE-2025-7330
published 2025-10-14CVE-2025-7330: A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form…
PriorityP431medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
0.19%
8.6th percentile
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | comms_1783-natr | — | — |
| rockwellautomation | 1783-natr_firmware | < 1.007 | 1.007 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv4.07.0HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation 1783-NATR
cisa_ics·2025-10-21·CVSS 9.8
[CRITICAL] Rockwell Automation 1783-NATR
ICS Advisory
##
Rockwell Automation 1783-NATR
Release DateOctober 21, 2025
Alert CodeICSA-25-294-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: 1783-NATR
- Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Cross-Site Request Forgery (CSRF)
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The f
GHSA
GHSA-c73r-h28j-r6h3: A cross-site request forgery security issue exists in the product and version listed
ghsa_unreviewed·2025-10-14
CVE-2025-7330 [HIGH] CWE-352 GHSA-c73r-h28j-r6h3: A cross-site request forgery security issue exists in the product and version listed
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-14
Published