This security advisory addresses five vulnerabilities identified in Moxa’s network security appliances and routers.
CVE-2025-6892
An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
CVE-2025-6893
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. The /api/v1/setting/data endpoint of the affected device does not enforce the access control its function requires: a low-privileged authenticated user can call the API without the required permissions and thereby read or modify system configuration data. Successful exploitation may lead to privilege escalation, allowing the attacker to access or modify sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems.
CVE-2025-6894
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems.
CVE-2025-6949
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
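The three API flaws above (CVE-2025-6893, CVE-2025-6894 and CVE-2025-6949) share one root cause: the endpoint confirms that the caller holds a valid session but never checks whether the caller's role is permitted to invoke that particular function. The following illustration is added here and is not Moxa firmware code; it models the bug class in a hypothetical request dispatcher. Only the path /api/v1/setting/data is named in the advisory; the other paths, the role names and the HTTP status codes are assumptions chosen for the demonstration.

```python
"""Hypothetical model of the authorization-bug class behind CVE-2025-6893,
CVE-2025-6894 and CVE-2025-6949 (CWE-250, CAPEC-233): authentication is
checked, per-endpoint authorization is not. Not Moxa's code; the paths other
than /api/v1/setting/data and the role names are assumptions."""

from dataclasses import dataclass
from typing import Optional

ADMIN = "admin"
USER = "user"

# Roles allowed to call each endpoint. Paths not listed here are denied.
ENDPOINT_POLICY = {
    "/api/v1/setting/data": {ADMIN},   # named in the advisory (CVE-2025-6893)
    "/api/v1/tools/ping": {ADMIN},     # assumed path for the admin-only ping (CVE-2025-6894)
    "/api/v1/accounts": {ADMIN},       # assumed path for account creation (CVE-2025-6949)
    "/api/v1/status": {ADMIN, USER},   # assumed read-only endpoint open to every role
}


@dataclass
class Session:
    username: str
    role: str


def dispatch_vulnerable(session: Optional[Session], path: str) -> int:
    """Vulnerable pattern: only asks 'is the caller logged in?'.
    Any authenticated user, whatever the role, reaches every endpoint."""
    if session is None:
        return 401
    if path not in ENDPOINT_POLICY:
        return 404
    return 200


def dispatch_fixed(session: Optional[Session], path: str) -> int:
    """Hardened pattern: authenticate, then check the caller's role against the
    policy for this exact endpoint; unknown paths and missing roles are denied."""
    if session is None:
        return 401
    allowed = ENDPOINT_POLICY.get(path)
    if allowed is None:
        return 404
    if session.role not in allowed:
        return 403
    return 200


def create_account_fixed(accounts: dict, session: Optional[Session],
                         username: str, role: str) -> int:
    """CVE-2025-6949 class: account creation is gated on the admin role via the
    same policy table, and a username that already exists is rejected so a
    low-privileged caller cannot shadow an existing administrator."""
    status = dispatch_fixed(session, "/api/v1/accounts")
    if status != 200:
        return status
    if username in accounts:
        return 409
    accounts[username] = role
    return 201


if __name__ == "__main__":
    low = Session("operator", USER)
    print("vulnerable:", dispatch_vulnerable(low, "/api/v1/setting/data"))
    print("fixed:     ", dispatch_fixed(low, "/api/v1/setting/data"))
```

The fix is a single policy lookup per request, but it must be applied at the dispatcher (or an equivalent middleware) so that no handler can be reached without it; the advisory's three CVEs are what happens when individual handlers are trusted to do their own checking and some do not.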
CVE-2025-6950
A Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system signs the JSON Web Tokens (JWT) used for authentication with a hard-coded secret key. Because a hard-coded key is identical on every affected unit and can be recovered from the software, an unauthenticated attacker can forge valid tokens, bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
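To make the CVE-2025-6950 mechanism concrete, the following added example (not Moxa's code) builds and verifies HS256 JWTs with only the Python standard library and shows why a constant signing key is fatal: a token forged with the known constant verifies on any unit that uses it, while the same token is rejected by a device that generated its own random key at provisioning time. The advisory states only that a hard-coded secret key signs the tokens; HS256 (HMAC-SHA256) as the algorithm, the key value, the claim names and the per-device key generation are assumptions for the demonstration.

```python
"""Added example for CVE-2025-6950 (CWE-798): forging JWTs when the signing key
is a compiled-in constant. Not Moxa firmware. The algorithm (HS256), the key
bytes, the claims and generate_device_key() are assumptions for illustration."""

import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def b64url(data: bytes) -> str:
    """RFC 7515 base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the signing input."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the token is a well-formed HS256 JWT signed with
    `key`, else None. The algorithm is pinned to HS256 so an attacker cannot
    downgrade to alg=none; expiry handling is out of scope for this example."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    try:
        hdr = json.loads(b64url_decode(header))
    except (ValueError, UnicodeDecodeError):
        return None
    if hdr.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))


# Vulnerable pattern (assumed value): one constant baked into every unit's software.
HARDCODED_KEY = b"example-firmware-constant-not-a-real-key"


def generate_device_key() -> bytes:
    """Hardened pattern: a 256-bit key drawn per device at first boot or
    provisioning and kept outside the shipped image, so knowledge of one
    device's key (or of the firmware) yields nothing for another device."""
    return secrets.token_bytes(32)


def forge_admin_token(known_key: bytes) -> str:
    """What an unauthenticated attacker does once the constant is known:
    mint an administrator token without ever logging in."""
    return sign_hs256({"sub": "admin", "role": "admin"}, known_key)


def demo():
    forged = forge_admin_token(HARDCODED_KEY)
    accepted_by_vulnerable = verify_hs256(forged, HARDCODED_KEY)   # claims returned
    accepted_by_fixed = verify_hs256(forged, generate_device_key())  # None
    return accepted_by_vulnerable, accepted_by_fixed


if __name__ == "__main__":
    print(demo())
```

Two points follow from the code. First, the attacker needs no credentials and no interaction with a victim, which is why the vector carries PR:N and UI:N. Second, the remediation is not a stronger constant but a key that the firmware image does not contain at all: generated per device, stored in protected configuration or a secure element, and rotated when compromise is suspected (rotation invalidates every outstanding token, which is the desired effect).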
Given the severity of these vulnerabilities, users are strongly advised to apply the latest firmware updates immediately to mitigate associated security risks.
The Identified Vulnerability Type and Potential Impact
CVE ID        | Vulnerability Type                             | Impact
--------------|------------------------------------------------|-------------------------------------------------------
CVE-2025-6892 | CWE-863: Incorrect Authorization               | CAPEC-39: Manipulating Opaque Client-based Data Tokens
CVE-2025-6893 | CWE-250: Execution with Unnecessary Privileges | CAPEC-233: Privilege Escalation
CVE-2025-6894 | CWE-250: Execution with Unnecessary Privileges | CAPEC-233: Privilege Escalation
CVE-2025-6949 | CWE-250: Execution with Unnecessary Privileges | CAPEC-233: Privilege Escalation
CVE-2025-6950 | CWE-798: Use of Hard-coded Credentials         | CAPEC-37: Retrieve Embedded Sensitive Data
Vulnerability Scoring Details
CVE ID        | Base Score (CVSS v4.0) | Vector (CVSS v4.0)                                     | Severity | Unauthenticated Remote Exploits
--------------|------------------------|--------------------------------------------------------|----------|--------------------------------
CVE-2025-6892 | 8.7                    | AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H | High     | Yes
CVE-2025-6893 | 9.3                    | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H | Critical | No
CVE-2025-6894 | 5.3                    | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N | Medium   | No
CVE-2025-6949 | 9.3                    | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H | Critical | No
CVE-2025-6950 | 9.9                    | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H | Critical | Yes