CVE-2025-6949
CVE-2025-6949
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
17 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H
Produtos afetados
Moxa · EDF-G1002-BP SeriesMoxa · EDR-8010 SeriesMoxa · EDR-G9010 SeriesMoxa · NAT-102 SeriesMoxa · NAT-108 SeriesMoxa · OnCell G4302-LTE4 SeriesMoxa · TN-4900 SeriesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →