CVE-2025-6950
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Moxa Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | edr-g9010 | * |
| moxa | edr-8010 | * |
| moxa | oncell_g4302-lte4 | * |
| moxa | nat-102 | * |
| moxa | router | * |
| moxa | network_security_appliance | * |
| moxa | nat-108 | * |
| moxa | edf-g1002-bp | * |
| moxa | tn-4900 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of hard-coded credentials in Moxa's network security appliances and routers. Specifically, a hard-coded secret key is used to sign JSON Web Tokens (JWT) for authentication. Because the key is hard-coded and not securely managed, an unauthenticated attacker can forge valid tokens, bypass authentication controls, and impersonate any user on the device.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to complete system compromise. An attacker can gain unauthorized access, steal data, and obtain full administrative control over the affected device. This severely impacts the confidentiality, integrity, and availability of the device itself.