CVE-2025-6892: Incorrect Authorization in Edf-g1002-bp Series

Severity: 8.7 HIGH (NVD)
EPSS: 0.1% (top 78.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 17

Description

An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operatio

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

Affected Packages (7 packages)

CVEListV5 moxa/nat-102_series 1.03.17
CVEListV5 moxa/nat-108_series 1.03.16
CVEListV5 moxa/tn-4900_series 1.03.14
CVEListV5 moxa/edr-8010_series 1.03.17
CVEListV5 moxa/edr-g9010_series 1.03.14

🔴 Vulnerability Details (2)

GHSA: GHSA-788j-2rch-2mj2: An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers (2025-10-17)
CVEList: CVE-2025-6892: An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers (2025-10-17)

📋 Vendor Advisories (1)

Microsoft: In libsndfile version 1.0.28 an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. (2017-06-13)
CVE-2025-6892 — Incorrect Authorization | cvebase