As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Sign In
Home Support Security Advisories CVE-2025-1679, CVE-2025-1680: Stored Cross-site Scripting (XSS) and Host Header Injection Vulnerabil

Product support

Security Advisories

Please sign in

Forgot your password?
Sign In
Remember Me.
Not a member? Sign up now
SUMMARY

CVE-2025-1679, CVE-2025-1680: Stored Cross-site Scripting (XSS) and Host Header Injection Vulnerabilities in Ethernet Switch

This security advisory addresses two vulnerabilities identified in Moxa’s Ethernet switches.

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

CVE-2025-1680

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.

Because the issues are assessed as medium to low severity, users can evaluate their environment and schedule the update in the next maintenance or update cycle.

 

The Identified Vulnerability Type and Potential Impact

CVE ID Vulnerability Type Impact
CVE-2025-1679

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC-63: Cross-Site Scripting (XSS)
CVE-2025-1680

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data 

CAPEC-154: Resource Location Spoofing

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2025-1679

CVSS 4.0: 4.8

AV:N/AC:L/AT:N/PR:H/UI:P/

VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

 Medium No
CVE-2025-1680 CVSS 4.0: 0.0

AV:N/AC:L/AT:P/PR:L/UI:P/

VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

 Low No
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address these vulnerabilities. The solutions for the affected products are listed in the following table: 

Product Series Affected Versions Solutions
TN-4500A Series v3.13 and earlier Firmware v4.0 or later
TN-5500A Series v3.13 and earlier  Firmware v4.0 or later
TN-G4500 Series v5.5 and earlier 

Please contact Moxa Technical Support for the security patch (v5.5.255)
TN-G6500 Series v5.5 and earlier 

Please contact Moxa Technical Support for the security patch (v5.5.255)

 

Mitigations

To mitigate the risk associated with the vulnerability, we recommend the following actions:

  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Acknowledgement

We would like to express our gratitude to Aarón Flecha Menéndez and Víctor Bello Cuevas from HackRTU for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers. 

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release October 23, 2025

Relevant Products

TN-4500A Series · TN-5500A Series · TN-G4500 Series · TN-G6500 Series ·

  •   Print this page

  • Save
    You can manage and share your saved list in My Moxa
Related Advisories
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

Do Not Share My Personal Information

To opt out of sharing your personal information for cross-context behavioral advertising, you can complete and submit the form provided below.


Please note that even if you choose to complete the form, you may still see our ads on other websites. However, these ads may not be as relevant to you as they would be if you had not opted out.

 
 
Added To Bag

View Bag
You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.
Would you like to go to the site for your region?

Feedback