CVE-2025-6892
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Moxa Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | network_security_appliances | * |
| moxa | routers | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization flaw in Moxa's network security appliances and routers. It occurs because the API authentication mechanism does not properly validate session context or privilege boundaries after a legitimate user logs in. This allows an attacker to access protected API endpoints, including administrative functions, without proper authorization.
How can this vulnerability impact me?
Exploiting this vulnerability can allow an attacker to perform unauthorized privileged operations on the affected device, severely impacting its confidentiality, integrity, and availability. However, it does not affect the confidentiality or integrity of any subsequent systems connected to the device.