CVE-2025-1680
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: Moxa Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | tn-5500a | * |
| moxa | tn-4528a | 3.13.4 |
| moxa | tn-g6500 | * |
| moxa | tn-4500a | * |
| moxa | tn-4528a | 3.6.94 |
| moxa | tn-g4500 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-349 | The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Host header injection in Moxa's Ethernet switches. The device accepts untrusted data that arrives along with trusted data and treats it as trusted, so an attacker with administrative privileges can inject specially crafted Host headers into HTTP requests sent to the device's web service. This can be used to redirect users, forge links, or conduct phishing attacks.
How can this vulnerability impact me?
The vulnerability allows attackers with administrative privileges to manipulate HTTP Host headers, potentially redirecting users, forging links, or enabling phishing attacks. However, it does not impact the confidentiality, integrity, or availability of the affected device or any subsequent systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
There is no information provided about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.