OTPulse

Moxa CVE-2025-15017: Active Debug Code Vulnerability in Serial Device Servers

MonitorCVSS 7MPSA-257331Dec 31, 2025
MoxaManufacturing
Summary

A vulnerability exists in Moxa serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, gain unauthorized access to internal debug functionality. Exploitation allows an attacker to execute privileged operations and access sensitive system resources.

What this means
What could happen
An attacker with physical access to a serial device server can gain full debug access and execute privileged commands, potentially compromising the device's confidentiality, integrity, and availability. However, this vulnerability is limited to devices that can be physically accessed.
Who's at risk
Manufacturing facilities using Moxa serial device servers should assess their physical security controls around these devices. Facilities in areas where unauthorized personnel may have access to equipment racks or control cabinets face elevated risk, particularly in shared or open floor environments.
How it could be exploited
An attacker with physical access to the device opens the enclosure and connects directly to the exposed UART interface using a serial console cable. No credentials or authentication are required. Once connected, the attacker can interact with the debug interface to execute privileged operations and read sensitive system information stored on the device.
Prerequisites
  • Physical access to the device
  • Ability to open device enclosure or access internal UART pins
  • Serial console cable or equivalent hardware connection tool
  • Knowledge of serial console interaction
Physical access requiredNo authentication requiredLow complexity exploitationNo patch availableAffects device confidentiality, integrity, and availabilityDebug code enabled in production
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
Serial Device ServersAll versionsNo fix yet
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict physical access to serial device servers by securing them in locked cabinets or equipment racks with access controls
WORKAROUNDDisable or remove UART debug interface access ports, if feasible without impacting operational requirements
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGCover or protect exposed UART pins with physical seals or tamper-evident materials to prevent unauthorized connections
Long-term hardening
0/2
HARDENINGImplement environmental monitoring and access logging for equipment cabinets containing serial device servers
HOTFIXContact Moxa to inquire about firmware updates or security patches that disable debug functionality
View full Moxa Security advisory
API: /api/v1/advisories/d8716944-937d-4047-833a-9661eb1f65f2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Moxa CVE-2025-15017: Active Debug Code Vulnerability in Serial Device Servers | CVSS 7 - OTPulse