{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15017", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2025-12-22T02:07:12.459Z", "datePublished": "2025-12-31T07:44:24.344Z", "dateUpdated": "2025-12-31T16:06:32.337Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "NPort 5000AI-M12 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5100 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5100A Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5200 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5200A Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5400 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5600 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort 5600-DT Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort IA5000 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort IA5000A Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "NPort IA5000-G2 Series", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5000ai-m12_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5100_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5100a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5200_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5200a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5400_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5600_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5600-dt_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000-g2_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. </span><span style=\"background-color: rgb(255, 255, 255);\">An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. </span><span style=\"background-color: rgb(255, 255, 255);\">Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. </span><span style=\"background-color: rgb(255, 255, 255);\">No security impact to external or dependent systems has been identified.</span><br>"}], "value": "A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified."}], "impacts": [{"capecId": "CAPEC-121", "descriptions": [{"lang": "en", "value": "CAPEC-121: Exploit Non-Production Interfaces"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-489", "description": "CWE-489: Active Debug Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2025-12-31T07:44:24.344Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers"}], "source": {"discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to <strong><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources\">The Security Hardening Guide for NPort 5000 Series (v2.4 or later)</a></strong>&nbsp;for more information.</li></ul>"}], "value": "* For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to The Security Hardening Guide for NPort 5000 Series (v2.4 or later) https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources \u00a0for more information."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-31T16:06:25.868011Z", "id": "CVE-2025-15017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-31T16:06:32.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-31T16:06:25.868011Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-31T16:06:29.268Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-121", "descriptions": [{"lang": "en", "value": "CAPEC-121: Exploit Non-Production Interfaces"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "NPort 5000AI-M12 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5100 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5100A Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5200 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5200A Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5400 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5600 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort 5600-DT Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort IA5000 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort IA5000A Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Moxa", "product": "NPort IA5000-G2 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "* For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to The Security Hardening Guide for NPort 5000 Series (v2.4 or later) https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources \u00a0for more information.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to <strong><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources\">The Security Hardening Guide for NPort 5000 Series (v2.4 or later)</a></strong>&nbsp;for more information.</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. </span><span style=\"background-color: rgb(255, 255, 255);\">An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. </span><span style=\"background-color: rgb(255, 255, 255);\">Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. </span><span style=\"background-color: rgb(255, 255, 255);\">No security impact to external or dependent systems has been identified.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-489", "description": "CWE-489: Active Debug Code"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5000ai-m12_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5100_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5100a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5200_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5200a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5400_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5600_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_5600-dt_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000a_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:nport_ia5000-g2_series:1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2025-12-31T07:44:24.344Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15017", "state": "PUBLISHED", "dateUpdated": "2025-12-31T16:06:32.337Z", "dateReserved": "2025-12-22T02:07:12.459Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2025-12-31T07:44:24.344Z", "assignerShortName": "Moxa"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified."}], "id": "CVE-2025-15017", "lastModified": "2025-12-31T20:42:15.637", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2025-12-31T08:15:44.303", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}

{}