CVE-2025-6893
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Moxa Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | edr-g9010 | * |
| moxa | network_security_appliances | * |
| moxa | edr-8010 | * |
| moxa | oncell_g4302-lte4 | * |
| moxa | nat-102 | * |
| moxa | routers | * |
| moxa | nat-108 | * |
| moxa | edf-g1002-bp | * |
| moxa | tn-4900 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Execution with Unnecessary Privileges issue in Moxa's network security appliances and routers. It involves a broken access control flaw in the /api/v1/setting/data endpoint, which allows a low-privileged authenticated user to call the API without the required permissions. This enables the user to access or modify system configuration data improperly, potentially escalating their privileges.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, allowing an attacker with low privileges to access or modify sensitive system settings. This could compromise the security configuration of the affected device, potentially impacting its operation or security posture. However, there is no loss of confidentiality or integrity within any subsequent systems.