CVE-2025-6949

CWE-2507 documents7 sources

Severity

9.3CRITICAL

EPSS

0.1%

top 74.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edf-g1002-bp Series Moxa Edr-8010 Series Moxa Edr-g9010 Series +4 more

Timeline

PublishedOct 17

Latest updateDec 16

Description

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successfu…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

Affected Packages7 packages

▶CVEListV5moxa/nat-102_series1.0 — 3.17

▶CVEListV5moxa/nat-108_series1.0 — 3.16

▶CVEListV5moxa/tn-4900_series1.0 — 3.14

▶CVEListV5moxa/edr-8010_series1.0 — 3.17

▶CVEListV5moxa/edr-g9010_series1.0 — 3.14

🔴Vulnerability Details

OSV

net/smc: fix general protection fault in __smc_diag_dump↗2025-12-16

▶

CVEList

CVE-2025-6949: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers↗2025-10-17

▶

GHSA

GHSA-xqwv-wj6g-m73m: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers↗2025-10-17

▶

📋Vendor Advisories

Red Hat

kernel: net/smc: fix general protection fault in __smc_diag_dump↗2025-12-16

▶

💬Community

Bugzilla

CVE-2025-40357 kernel: net/smc: fix general protection fault in __smc_diag_dump↗2025-12-16

▶