CVE-2025-15017

CVSS 7 HIGHEPSS 0.2%CWE-489

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

31 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Moxa · NPort 5000AI-M12 Series Moxa · NPort 5100A Series Moxa · NPort 5100 Series Moxa · NPort 5200A Series Moxa · NPort 5200 Series Moxa · NPort 5400 Series Moxa · NPort 5600-DT Series Moxa · NPort 5600 Series Moxa · NPort IA5000A Series Moxa · NPort IA5000-G2 Series Moxa · NPort IA5000 Series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers