Auth bypass in Rockwell Automation 5032-cfgb16m12dr

CVE-2025-7774

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions.

Vulnerability class: Broken Authentication

EPSS: 0.004 (30.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-7774?
CVE-2025-7774 is a vulnerability in Rockwell Automation 5032-cfgb16m12dr, classified under Missing Authentication for Critical Function. Published 2025-08-14.
Is CVE-2025-7774 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.