CVE-2025-5191
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: Moxa Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | industrial_computers | * |
| moxa | serialinterfaceservice | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5191 is an Unquoted Search Path vulnerability in the SerialInterfaceService.exe utility used by Moxa's industrial computers running Windows. Because the executable path is not quoted, a local attacker with limited privileges can place a malicious executable in a directory that the system searches before the legitimate one. When the Serial Interface service starts, it may run the malicious executable with SYSTEM-level privileges, allowing the attacker to escalate privileges or maintain persistence on the affected device. [1]
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to privilege escalation, giving an attacker SYSTEM-level access on the affected device. This can severely impact the confidentiality, integrity, and availability of the device itself. The attacker could maintain persistence on the device, potentially compromising its operation. However, there is no impact on confidentiality, integrity, or availability of other connected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the path configuration of the SerialInterfaceService.exe utility for unquoted paths. On the affected Windows system, you can inspect the service executable path using commands like: 1) Using PowerShell: Get-WmiObject win32_service | Where-Object { $_.Name -eq 'SerialInterfaceService' } | Select-Object PathName 2) Using Command Prompt: sc qc SerialInterfaceService and then verify if the executable path contains unquoted spaces. Additionally, monitoring for unusual executables in directories that appear earlier in the system PATH environment variable can help detect attempts to exploit this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the updated utility versions provided by Moxa, such as Utility v1.2 or later, or installing the security patch SerialInterfaceSetup-6.6.0.exe available from Moxa Technical Support. Additionally, restrict network access to affected devices using firewalls and ACLs, segregate operational networks, disable unused services, implement multi-factor authentication and role-based access control, secure remote access with encrypted protocols, enable logging and audit trails, monitor for anomalies, and conduct regular security assessments to reduce the risk of exploitation. [1]