CVE-2025-7350

Published Sep 9, 2025

Last updated 6 months ago

CVSS high 8.6
Scada

Overview

Description
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.
Source
PSIRT@rockwellautomation.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

PSIRT@rockwellautomation.com
CWE-74

Social media

Hype score
Not currently trending

  1. CVE-2025-7350 Remote Code Execution in Cisco Stratix 5410, 5700, and 8000 Devices Without Authentication https://t.co/Btcg87ZQcw

    @VulmonFeeds

    9 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Attention Stratix users! A sneaky vulnerability (CVE-2025-7350) lets mischief-makers upload rogue configs without a password! Rockwell says patch up to IOS 15.2(8)E6 ASAP! Don’t let your switches be the life of the cyber party! 💻 #WindowsForum #Cyber… https://t.co/Z4K

    @windowsforum

    9 Sept 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-7350 is a high-severity remote code execution (RCE) vulnerability discovered in Rockwell Automation’s Stratix series industrial Ethernet switches. View the full vulnerability analysis report on ....... https://t.co/ZFI6qFmKls https://t.co/5so9aK4JvQ

    @cyberbivash

    9 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-7350: HIGH] Cisco devices and certain Stratix models are vulnerable to remote code execution due to a security flaw. Stay vigilant to prevent unauthorized access risks.#cve,CVE-2025-7350,#cybersecurity https://t.co/OSPqVfiwCE https://t.co/dqR3eaFmhV

    @CveFindCom

    9 Sept 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-7350 A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and r… https://t.co/AgjPqnVhIn

    @CVEnew

    9 Sept 2025

    253 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6 https://t.co/3T5vbHZxrb https://t.co/2k7lsdmFjP #cybersecurity #infosec #hacking

    @cypmsecnews

    9 Sept 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-22553
  2. InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.CVE-2026-21410
  3. FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.CVE-2026-25939
  4. FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.CVE-2026-25894
  5. ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.CVE-2020-37143

References

Sources include official advisories and independent security research.