CVE-2025-6894
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Moxa Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | edr-g9010 | * |
| moxa | network_security_appliances | * |
| moxa | edr-8010 | * |
| moxa | oncell_g4302-lte4 | * |
| moxa | nat-102 | * |
| moxa | routers | * |
| moxa | nat-108 | * |
| moxa | edf-g1002-bp | * |
| moxa | tn-4900 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Execution with Unnecessary Privileges flaw in Moxa's network security appliances and routers. It occurs because of a flaw in the API authorization logic that allows an authenticated user with low privileges to execute the administrative 'ping' function, which should only be accessible to higher-privileged roles. This means a low-privileged user can perform internal network reconnaissance by discovering internal hosts or services that are normally restricted.
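The authorization pattern described above, as an added example that is not Moxa's code or part of the original page: a gate that checks authentication only, next to one that also enforces a per-operation minimum role and denies unmapped operations. The role names, operation names, session shape and handlers are all hypothetical.

```python
from enum import IntEnum

class Role(IntEnum):          # hypothetical roles, ordered by privilege
    USER = 1
    ADMIN = 2

class Forbidden(Exception):
    pass

def ping(target):
    # Stand-in for the administrative diagnostic; performs no network I/O.
    return f"ping scheduled: {target}"

# Hypothetical operation names. Every handler should have a MIN_ROLE entry.
HANDLERS = {
    "status.read": lambda _arg: "ok",
    "diag.ping": ping,
    "diag.traceroute": lambda target: f"traceroute scheduled: {target}",
}
MIN_ROLE = {
    "status.read": Role.USER,
    "diag.ping": Role.ADMIN,
    # "diag.traceroute" deliberately left unmapped to show deny-by-default.
}

def dispatch_flawed(session, op, arg=None):
    # Flaw pattern: the gate checks authentication only, so any logged-in
    # role reaches the administrative handler.
    if session is None:
        raise Forbidden("not authenticated")
    return HANDLERS[op](arg)

def dispatch_checked(session, op, arg=None):
    # Corrected gate: authenticate, then require the operation's minimum
    # role. An operation with no MIN_ROLE entry is refused for everyone.
    if session is None:
        raise Forbidden("not authenticated")
    required = MIN_ROLE.get(op)
    if required is None or session["role"] < required:
        raise Forbidden(f"{op} denied for role {session['role'].name}")
    return HANDLERS[op](arg)

def unmapped_operations():
    # Release-time check: handlers with no declared minimum role, which the
    # flawed gate would expose to every authenticated user.
    return sorted(set(HANDLERS) - set(MIN_ROLE))
```

Running `unmapped_operations()` in a build or test step catches newly added handlers that were never assigned a role.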
How can this vulnerability impact me?
The vulnerability can impact you by allowing a low-privileged user to perform internal network reconnaissance, potentially discovering internal hosts or services that should be inaccessible. Repeated exploitation could cause minor resource consumption. Overall, it may lead to some loss of confidentiality and availability on the affected device, but it does not affect the integrity of the device or any subsequent systems.