{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6894", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2025-06-28T15:51:38.895Z", "datePublished": "2025-10-17T02:25:15.293Z", "dateUpdated": "2025-10-17T02:25:15.293Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.14", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21"}]}, {"defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.17", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21"}]}, {"defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.17", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21"}]}, {"defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.14", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21"}]}, {"defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.17", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NAT-108 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.16", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21"}]}, {"defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.13", "status": "affected", "version": "1.0", "versionType": "custom"}, {"status": "unaffected", "version": "3.21.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An Execution with Unnecessary Privileges vulnerability has been identified in Moxa\u2019s network security appliances and routers. </span><span style=\"background-color: rgb(255, 255, 255);\">A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This </span><span style=\"background-color: rgb(255, 255, 255);\">vulnerability</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems.</span><br>"}], "value": "An Execution with Unnecessary Privileges vulnerability has been identified in Moxa\u2019s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability\u00a0enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233: Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2025-10-17T02:25:15.293Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solutions to address the vulnerability. Please refer to&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo\">https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-202...</a>"}], "value": "Moxa has developed appropriate solutions to address the vulnerability. Please refer to\u00a0 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-202... https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Execution with Unnecessary Privileges vulnerability has been identified in Moxa\u2019s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability\u00a0enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems."}], "id": "CVE-2025-6894", "lastModified": "2025-10-17T03:15:36.540", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2025-10-17T03:15:36.540", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}

{}