CVE-2025-9315
Severity
6.3 MEDIUM
EPSS
0.4%
top 37.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 10
Description
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modifi…
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N