Moxa CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series

MonitorCVSS 6.3MPSA-252631Dec 10, 2025

Moxa

Summary

CVE-2025-9315 is an unauthenticated device registration vulnerability in the MXsecurity Series caused by improperly controlled modification of dynamically-determined object attributes (CWE-915). An unauthenticated remote attacker can send a specially crafted JSON payload to the /api/v1/devices/register endpoint to register unauthorized devices without authentication. The vendor has assessed this as medium severity and does not plan to issue a patch. Impact is limited to integrity of the device registry; no direct impact to confidentiality or availability of the appliance or downstream systems.

What this means

What could happen

An attacker can register unauthorized devices on MXsecurity Series appliances without authentication, potentially allowing unauthorized devices to be added to the security infrastructure. Although direct impact to confidentiality and availability is limited, this could degrade access control and enable lateral movement or persistence in your network.

Who's at risk

This affects organizations using Moxa MXsecurity Series appliances for network security, access control, and device management. MXsecurity is commonly deployed in utility networks, manufacturing facilities, and critical infrastructure to manage device identity and access. Any facility using MXsecurity for authentication or device registration should evaluate their network access controls to this appliance.

How it could be exploited

An attacker with network access to the MXsecurity device sends a specially crafted JSON payload to the /api/v1/devices/register endpoint. Since no authentication is required, the attacker can register a device under their control, potentially gaining a foothold in the security appliance's device registry and bypassing intended access controls.

Prerequisites

Network access to the MXsecurity device on the registration API endpoint (/api/v1/devices/register)
No authentication required

remotely exploitableno authentication requiredboundary-risk deviceno patch available

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

MXsecurity SeriesAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to the MXsecurity device registration API endpoint (/api/v1/devices/register) using firewall rules to allow only trusted management networks or hosts

HARDENINGDisable or restrict the device registration endpoint if not actively used in your environment

Mitigations - no patch available

0/2

MXsecurity Series has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate MXsecurity appliances on a dedicated management network with restricted inbound access

HARDENINGMonitor the MXsecurity device registration logs for suspicious registration attempts from unexpected sources

CVEs (1)

CVE-2025-9315

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/501b6c8c-2c02-407e-afaa-62f1c4c05b0e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.