CVE-2025-5191
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2025-08-25

Assigner: Moxa Inc.

Description
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2025-08-25
Generated
2026-06-16
AI Q&A
2025-08-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5191
EUVD
EUVD-2025-25691
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
moxa industrial_computers *
moxa serialinterfaceservice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-5191 is an Unquoted Search Path vulnerability in the SerialInterfaceService.exe utility used by Moxa's industrial computers running Windows. Because the executable path is not quoted, a local attacker with limited privileges can place a malicious executable in a directory that the system searches before the legitimate one. When the Serial Interface service starts, it may run the malicious executable with SYSTEM-level privileges, allowing the attacker to escalate privileges or maintain persistence on the affected device. [1]

Impact Analysis

Successful exploitation of this vulnerability can lead to privilege escalation, giving an attacker SYSTEM-level access on the affected device. This can severely impact the confidentiality, integrity, and availability of the device itself. The attacker could maintain persistence on the device, potentially compromising its operation. However, there is no impact on confidentiality, integrity, or availability of other connected systems. [1]

Detection Guidance

This vulnerability can be detected by checking the path configuration of the SerialInterfaceService.exe utility for unquoted paths. On the affected Windows system, you can inspect the service executable path using commands like: 1) Using PowerShell: Get-WmiObject win32_service | Where-Object { $_.Name -eq 'SerialInterfaceService' } | Select-Object PathName 2) Using Command Prompt: sc qc SerialInterfaceService and then verify if the executable path contains unquoted spaces. Additionally, monitoring for unusual executables in directories that appear earlier in the system PATH environment variable can help detect attempts to exploit this vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include applying the updated utility versions provided by Moxa, such as Utility v1.2 or later, or installing the security patch SerialInterfaceSetup-6.6.0.exe available from Moxa Technical Support. Additionally, restrict network access to affected devices using firewalls and ACLs, segregate operational networks, disable unused services, implement multi-factor authentication and role-based access control, secure remote access with encrypted protocols, enable logging and audit trails, monitor for anomalies, and conduct regular security assessments to reduce the risk of exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart