Auth bypass in Rockwell Automation 5032-cfgb16m12dr

CVE-2025-7773

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the interval between the last two consecutive sign-in sessions, making it predictable.

Vulnerability class: Broken Access Control

EPSS: 0.004 (30.0th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-7773?
CVE-2025-7773 is a vulnerability in Rockwell Automation 5032-cfgb16m12dr, classified under Incorrect Authorization. Published 2025-08-14.

Is CVE-2025-7773 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.