Stored Cross-Site Scripting Vulnerability in Rockwell Automation Products
CVE-2025-7329

8.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Comms - 1783-natr
Vendor: CVE Published:; 14 October 2025

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2025-7329?

A vulnerability exists within Rockwell Automation products that allows for stored cross-site scripting (XSS), potentially enabling an attacker to manipulate and expose sensitive user data. The issue arises from inadequate filtering and encoding of special characters, which can be exploited if an attacker has access to update the configuration fields behind an admin login. This flaw could lead to unauthorized access to sensitive information or the disruption of web page functionality, posing significant security risks to users and organizations relying on these products.

Affected Version(s)

Comms - 1783-NATR Version 1.006 and prior

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Jul 7, 2025

JSON