Moxa CVE-2025-15017: Active Debug Code Vulnerability in Serial Device Servers

Monitor7MPSA-257331Dec 31, 2025

Summary

CVE-2025-15017 is an active debug code vulnerability in Moxa Serial Device Servers. Debug functionality remains enabled in the UART interface without authentication. An attacker with physical access to the device can connect directly to the UART port and execute privileged operations, access sensitive system resources, and compromise the confidentiality, integrity, and availability of the device. The vulnerability is classified as CWE-489 (Active Debug Code) and CAPEC-121 (Exploit Non-Production Interfaces). No security impact to external or downstream systems has been identified.

What this means

What could happen

An attacker with physical access to the serial device server's UART debug port can bypass authentication and execute privileged commands, potentially disrupting device operation or extracting sensitive configuration data. However, the vulnerability does not directly propagate to external systems or networks connected through the device.

Who's at risk

Manufacturing facilities and utilities using Moxa Serial Device Servers for equipment connectivity and remote management, including water authorities and electric utilities that rely on these devices for SCADA gateway or RTU communication bridging.

How it could be exploited

An attacker physically connects to the UART serial interface on the device, accesses the debug console without authentication, and runs privileged commands to modify device behavior, extract configuration, or disable protections. This requires physical presence at the device but no credentials or special expertise.

Prerequisites

Physical access to the device's UART interface connector
A serial terminal or debug cable compatible with the UART port
No credentials or authentication tokens required

requires physical access to deviceno authentication required once physical access gainedlow exploitation complexityhigh impact to device confidentiality, integrity, and availabilityno patch available (all versions affected)affects industrial control system infrastructure

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Serial Device ServersAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGPhysically secure the device in a locked cabinet or control room with restricted access

WORKAROUNDPlace warning labels on the UART interface or disable physical access to debug ports if not operationally necessary

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply the firmware update provided by Moxa (consult Moxa support for fixed version availability)

HARDENINGAudit device locations and access logs to ensure no unauthorized physical access has occurred

CVEs (1)

CVE-2025-15017

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d8716944-937d-4047-833a-9661eb1f65f2