CVE-2025-6950

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.9CRITICAL

EPSS

0.4%

top 41.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edf-g1002-bp Series Moxa Edr-8010 Series Moxa Edr-g9010 Series +4 more

Timeline

PublishedOct 17

Description

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

Affected Packages7 packages

▶CVEListV5moxa/nat-102_series1.0 — 3.17

▶CVEListV5moxa/nat-108_series1.0 — 3.16

▶CVEListV5moxa/tn-4900_series1.0 — 3.14

▶CVEListV5moxa/edr-8010_series1.0 — 3.17

▶CVEListV5moxa/edr-g9010_series1.0 — 3.14

🔴Vulnerability Details

CVEList

CVE-2025-6950: An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers↗2025-10-17

▶

GHSA

GHSA-29jf-57xj-hxj2: An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers↗2025-10-17

▶