CVE-2025-6949
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Moxa Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | edr-g9010 | * |
| moxa | network_security_appliances | * |
| moxa | edr-8010 | * |
| moxa | oncell_g4302-lte4 | * |
| moxa | nat-102 | * |
| moxa | routers | * |
| moxa | nat-108 | * |
| moxa | edf-g1002-bp | * |
| moxa | tn-4900 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Execution with Unnecessary Privileges flaw in Moxa's network security appliances and routers. It is a critical authorization issue in the API that allows an authenticated user with low privileges to create new administrator accounts, even with usernames identical to existing users. This can lead to full administrative control over the device and potential account impersonation.
How can this vulnerability impact me?
Exploiting this vulnerability can give an attacker full administrative control over the affected device, compromising its confidentiality, integrity, and availability. This could lead to unauthorized changes, disruption of services, and impersonation of legitimate accounts on the device itself. However, it does not affect the confidentiality or integrity of other connected systems.