CVE-2025-9315
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: Moxa Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | mxsecurity_series | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-915 | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated device registration flaw in the MXsecurity Series, caused by improperly controlled modification of dynamically-determined object attributes. An unauthenticated attacker can send a specially crafted JSON payload to the device's registration endpoint (/api/v1/devices/register) and register unauthorized devices.
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker to register unauthorized devices on the system without authentication. However, the impact is limited as there is no modification of data beyond registration, and no impact on confidentiality, integrity, or availability of the affected device or any subsequent systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized device registration without authentication but does not impact the confidentiality, integrity, or availability of the affected device or connected systems. Therefore, while it poses a security risk, there is no direct indication that it compromises compliance with standards like GDPR or HIPAA, which primarily focus on data confidentiality and integrity. However, unauthorized device registration could potentially lead to indirect compliance concerns if exploited in a broader attack scenario. Recommended mitigations such as network restrictions, enhanced authentication, and regular security assessments help maintain compliance. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unauthorized POST requests to the device registration endpoint /api/v1/devices/register that carry specially crafted JSON payloads. Network analysis tools such as tcpdump or Wireshark can capture and inspect this traffic. For example, the following tcpdump command captures TCP segments on port 80 that carry a payload; its output can then be filtered for POST requests to /api/v1/devices/register:

```shell
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
```

Additionally, reviewing device logs for unexpected device registration events or anomalies can help detect exploitation attempts. Implementing anomaly detection and logging as recommended can assist in identifying suspicious activities related to this vulnerability. [1]
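An added example (not from this page's source or from Moxa) of the log review described above: it flags POST requests to /api/v1/devices/register that come from outside a management allowlist. The combined access-log format, the sample lines and the 192.0.2.0/24 allowlist are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

ENDPOINT = "/api/v1/devices/register"  # endpoint named in the text above
# Assumption: combined-format access log from a proxy in front of the device.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_registration_posts(lines, allowed_nets):
    """Return POSTs to ENDPOINT whose source is outside allowed_nets."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only: drop the query string and a trailing slash.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path != ENDPOINT:
            continue
        try:
            trusted = any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:
            trusted = False  # unparseable client field: report, do not skip
        if not trusted:
            findings.append(
                {"src": m["src"], "ts": m["ts"], "status": int(m["status"])}
            )
    return findings

def count_by_source(findings):
    """Number of flagged registration requests per source address."""
    return Counter(f["src"] for f in findings)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2025:09:12:01 +0000] "POST /api/v1/devices/register HTTP/1.1" 200 87 "-" "mgmt-agent"',
    '203.0.113.45 - - [10/Dec/2025:09:14:37 +0000] "POST /api/v1/devices/register HTTP/1.1" 200 91 "-" "curl/8.5.0"',
    '203.0.113.45 - - [10/Dec/2025:09:14:39 +0000] "POST /api/v1/devices/register/?x=1 HTTP/1.1" 200 91 "-" "curl/8.5.0"',
    '198.51.100.7 - - [10/Dec/2025:09:20:00 +0000] "GET /api/v1/devices/register HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2025:09:21:00 +0000] "POST /api/v1/login HTTP/1.1" 401 23 "-" "Mozilla/5.0"',
]
MGMT_NETS = ["192.0.2.0/24"]  # constructed allowlist of management sources

if __name__ == "__main__":
    hits = find_registration_posts(SAMPLE_LOG, MGMT_NETS)
    print(hits, dict(count_by_source(hits)))
```

A packet capture on port 80 only shows cleartext HTTP; where the interface is served over TLS, an access log like the one assumed here is the place to look for these requests.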
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected devices by using firewalls and access control lists (ACLs) to limit exposure of the /api/v1/devices/register endpoint. Segregate operational networks to minimize attack surfaces, disable unused services and ports, and enhance authentication mechanisms by implementing multi-factor authentication (MFA) and role-based access control (RBAC). Ensure remote access is secured using encrypted protocols such as VPN or SSH. Regularly update the device firmware and software to the fixed version 2.3.1 or later provided by Moxa. Additionally, implement anomaly detection and logging to monitor for suspicious activities and conduct regular security assessments. [1]