← voltar
CVE-2025-15017

CVE-2025-15017

CVSS 7 HIGHEPSS 0.2%CWE-489
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
31 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Moxa · NPort 5000AI-M12 SeriesMoxa · NPort 5100A SeriesMoxa · NPort 5100 SeriesMoxa · NPort 5200A SeriesMoxa · NPort 5200 SeriesMoxa · NPort 5400 SeriesMoxa · NPort 5600-DT SeriesMoxa · NPort 5600 SeriesMoxa · NPort IA5000A SeriesMoxa · NPort IA5000-G2 SeriesMoxa · NPort IA5000 Series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers