Moxa CVE-2025-0676: Command Injection Leading to Privilege Escalation in Secure Routers, Cellular Routers, Network Security Appliances

Plan PatchCVSS 8.6MPSA-251431Apr 2, 2025

Moxa

Summary

CVE-2025-0676 is a command injection vulnerability in Moxa secure routers, cellular routers, and network security appliances. The vulnerability exists in tcpdump and allows an authenticated attacker with console access to inject arbitrary system commands by exploiting improper input validation. Successful exploitation results in privilege escalation to root-level access, enabling the attacker to gain full control of the device, disrupt network services, and potentially affect the availability of downstream systems dependent on the device's connectivity.

What this means

What could happen

An authenticated attacker with console access to a Moxa secure router, cellular router, or network security appliance could inject commands and gain root-level control of the device, disrupting network services and potentially affecting downstream systems that depend on the device's connectivity.

Who's at risk

Water utilities, municipal electric utilities, and other critical infrastructure operators using Moxa secure routers, cellular routers, or network security appliances for SCADA connectivity, remote monitoring, or network perimeter protection should prioritize this vulnerability. This affects organizations relying on these devices for network resilience and availability in OT environments.

How it could be exploited

An attacker with valid console credentials connects to the device's administrative interface and exploits improper input validation in the tcpdump command to inject arbitrary system commands. Once executed with elevated privileges, the attacker achieves root shell access and can maintain persistent control.

Prerequisites

Valid console credentials (engineering or administrative account)
Local console access or remote administrative access to the device
Knowledge of tcpdump command syntax and parameter injection techniques

High CVSS score (8.6)Requires valid credentials and console access (mitigating factor)Could lead to root-level compromise and persistent controlAffects network infrastructure devices critical to OT connectivityLow exploitation probability (EPSS 1.6%) but high impact if exploited

Exploitability

Some exploitation risk — EPSS score 1.6%

Affected products (1)

ProductAffected VersionsFix Status

CVE-2025-0676: Command Injection Leading to Privilege Escalation in Secure Routers, Cellular Routers, Network Security AAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict console and administrative access to authorized personnel only using role-based access controls or firewall rules

HARDENINGMonitor router logs and audit trails for signs of unauthorized command execution or privilege escalation attempts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Moxa secure routers, cellular routers, and network security appliances to the latest firmware version released by Moxa for CVE-2025-0676 remediation

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate management access to routers to a protected administrative network

CVEs (1)

CVE-2025-0676

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b6a5606e-cc07-42bd-b25a-5c5f8c72f782

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.