CVE-2025-1679
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-27

Assigner: Moxa Inc.

Description
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-1679
EUVD
EUVD-2025-35687
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
moxa ethernet_switch *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-1679 is a stored cross-site scripting (XSS) vulnerability in Moxa Ethernet switches. It allows an authenticated administrative attacker to inject malicious scripts into the device's web service, which persist across sessions. These scripts can then execute in the browsers of authenticated users interacting with the device's web interface, potentially leading to theft of cookies, session tokens, keylogging, or manipulation of the web interface content. The vulnerability requires administrative privileges and user interaction to exploit. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts that execute in the browsers of authenticated users accessing the device's web interface. This can lead to theft of sensitive information such as cookies or session tokens, keylogging, and defacement or manipulation of the web interface. While there is no direct impact on the device's confidentiality, integrity, or availability, there can be some loss of confidentiality and integrity in subsequent systems that interact with the device. [1, 2]

Detection Guidance

Detection of CVE-2025-1679 involves monitoring for anomalous or unexpected script injections in the web interface of affected Moxa Ethernet switches. Since the vulnerability requires authenticated administrative access and user interaction, detection can include reviewing web server logs and event logs for suspicious input or script payloads. Network traffic monitoring for unusual HTTP requests to the device's web service may help identify exploitation attempts. Specific commands are not provided in the resources, but general recommendations include enabling event logging, audit trails, and regularly reviewing logs for anomalies. [1]

Mitigation Strategies

Immediate mitigation steps include: restricting network access to the affected devices using firewalls and access control lists (ACLs) to trusted IP addresses; segregating operational networks from enterprise networks using VLANs or physical separation; avoiding direct exposure of devices to the Internet; disabling unused services and ports; implementing multi-factor authentication (MFA) and role-based access control (RBAC); regularly updating firmware and applying security patches provided by Moxa (e.g., updating TN-4500A and TN-5500A series to firmware v4.0 or later, and applying security patch v5.5.255 for TN-G4500 and TN-G6500 series); using encrypted protocols such as VPN or SSH for remote access and restricting access to authorized personnel; monitoring network traffic and device behavior for anomalies; enabling event logging and audit trails and regularly reviewing logs; and conducting regular vulnerability assessments and configuration reviews. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-1679. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart