CVE-2025-1977
Unknown Unknown - Not Provided
Privilege Escalation in NPort 6100/6200-G2 via MCC Tool

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: Moxa Inc.

Description
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-15
NVD
CVE-2025-1977
EUVD
EUVD-2025-205902
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
moxa nport_6200-g2 1.0.0
moxa nport_6100-g2 1.0.0
moxa nport_6200-g2 1.1.0
moxa nport_6100-g2 1.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-1977 is a vulnerability in the Moxa NPort 6100-G2/6200-G2 Series devices where an authenticated user with only read-only access can exploit the Moxa CLI Configuration (MCC) tool to make unauthorized configuration changes. This happens because the user is granted unnecessary execution privileges. The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction, but it requires certain system conditions or configurations. Successful exploitation can lead to unauthorized changes in device settings, affecting the device's confidentiality, integrity, and availability. [1]

Impact Analysis

This vulnerability can allow an authenticated user with read-only access to make unauthorized configuration changes to the affected device. Such changes can compromise the confidentiality, integrity, and availability of the device, potentially disrupting its normal operation or exposing sensitive device settings. However, no impact on other systems beyond the affected device has been identified. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized configuration changes made by users with read-only access via the MCC tool. Network anomaly detection and logging should be implemented to identify suspicious activities. Specific commands are not provided in the resources, but monitoring logs for MCC tool usage and configuration changes is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include updating the device firmware to version 1.1.0 or later, which contains the security patch. If updating is not possible, restrict network access to the devices using firewalls or ACLs, segregate operational networks, disable unused services and ports, enhance authentication with multi-factor authentication (MFA) and role-based access control (RBAC), secure remote access with encrypted protocols such as VPN or SSH, implement anomaly detection and logging, and conduct regular security assessments. [1]

Compliance Impact

The vulnerability allows unauthorized configuration changes that can impact the confidentiality, integrity, and availability of the affected device. Such impacts could potentially lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of data confidentiality and integrity. However, the provided resources do not explicitly discuss compliance implications or specific effects on regulatory requirements. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-1977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart