CVE-2025-1680 — Acceptance of Extraneous Untrusted Data With Trusted Data in Tn-4500a Series

CWE-349 — Acceptance of Extraneous Untrusted Data With Trusted Data3 documents3 sources

Severity

0.0N/ANVD

EPSS

0.0%

top 92.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Tn-4500a Series Moxa Tn-5500a Series Moxa Tn-g4500 Series +1 more

Timeline

PublishedOct 23

Description

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the conf…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5moxa/tn-4500a_series1.0 — 3.13

▶CVEListV5moxa/tn-5500a_series1.0 — 3.13

▶CVEListV5moxa/tn-g4500_series1.0 — 5.5

▶CVEListV5moxa/tn-g6500_series1.0 — 5.5

🔴Vulnerability Details

GHSA

GHSA-8fj5-vvv3-q47w: An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers wit↗2025-10-23

▶

CVEList

CVE-2025-1680: An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers wit↗2025-10-23

▶