CVE-2025-6894

CWE-250 · 3 documents · 3 sources
Severity
5.3 MEDIUM
EPSS
0.1%
top 66.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 17

Description

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repe

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages: 7 packages

CVEListV5 moxa/nat-102_series 1.03.17
CVEListV5 moxa/nat-108_series 1.03.16
CVEListV5 moxa/tn-4900_series 1.03.14
CVEListV5 moxa/edr-8010_series 1.03.17
CVEListV5 moxa/edr-g9010_series 1.03.14

Vulnerability Details

2
GHSA
GHSA-v98x-vq93-cw8f: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers (2025-10-17)
CVEList
CVE-2025-6894: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers (2025-10-17)