Moxa CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series

Monitor6.3MPSA-252631Dec 10, 2025

Summary

A vulnerability in the MXsecurity Series allows an unauthenticated remote attacker to register unauthorized devices by sending a specially crafted JSON payload to the /api/v1/devices/register endpoint. The vulnerability is caused by improper control of dynamically-determined object attributes (CWE-915), enabling unauthorized device registration without authentication. While this has limited data modification impact, it could allow an attacker to add rogue devices to the security management system.

What this means

What could happen

An attacker could register unauthorized devices in your MXsecurity management system without credentials, potentially allowing them to monitor or manipulate network traffic through the compromised registration, though the advisory states no direct impact to device confidentiality or availability.

Who's at risk

Organizations running Moxa MXsecurity Series devices for network security, VPN, or industrial gateway functions should evaluate this risk. MXsecurity is commonly deployed in utilities, manufacturing plants, and critical infrastructure networks for secure device management and traffic inspection. All versions are affected.

How it could be exploited

An attacker sends a specially crafted JSON payload to the publicly accessible /api/v1/devices/register endpoint on a MXsecurity device. No authentication is required. The device accepts the malformed registration request, allowing the attacker to register a device under their control within the security management infrastructure.

Prerequisites

Network access to the MXsecurity device on the port hosting the /api/v1/devices/register API endpoint (typically port 443 for HTTPS)
Knowledge of the correct JSON payload structure for device registration

Remotely exploitableNo authentication requiredLow complexity attackNo patch available

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

MXsecurity SeriesAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDIsolate MXsecurity device API endpoints from untrusted networks using firewall rules; restrict access to /api/v1/devices/register to authorized administrative networks only

WORKAROUNDDisable or block the device registration API endpoint if not actively used; review and disable unnecessary API services on the MXsecurity device

HARDENINGMonitor the /api/v1/devices/register endpoint for unusual registration requests; implement logging and alerting on registration attempts from unexpected sources

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGReview currently registered devices in the MXsecurity system and remove any unauthorized or unexpected devices

HARDENINGContact Moxa support to inquire about available patch timelines or additional mitigations

HOTFIXPlan for MXsecurity firmware update in next maintenance cycle when a patch becomes available

CVEs (1)

CVE-2025-9315

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/501b6c8c-2c02-407e-afaa-62f1c4c05b0e