CVE-2025-7328CRITICAL 9.8EPSS p40.3%

CVE-2025-7328CVE-2025-7328

Description

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able to communicate through NATR as a result of denial-of-service or NAT rule modifications. NAT rule modification could also result in device communication to incorrect endpoints. Admin account takeover could allow modification of configuration and require physical access to restore.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.53% probability of exploitation · percentile 40.3% · 2026-06-19T12:03:05Z
Published2025-10-14
Last modified2025-10-29

Underlying weaknesses· 1

CWE-306

References

  1. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1756.html

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25715
CVE
CVE-2025-41652
CVE
CVE-2026-28536
CVE
CVE-2025-3719
CVE
CVE-2025-41651
CVE
CVE-2026-24789
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.