Moxa CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: Multiple Vulnerabilities in Network Security Appliances and Routers

CVSS 4 | MPSA-258121 | Oct 17, 2025
Moxa
Summary

Five vulnerabilities have been identified in Moxa network security appliances and routers that allow unauthorized privilege escalation and access to protected API endpoints. CVE-2025-6892 is a flaw in API session validation that allows an authenticated user to bypass privilege boundaries and access administrative functions. CVE-2025-6893 allows a low-privileged authenticated user to call the /api/v1/setting/data endpoint without the required permissions, enabling modification of system configuration. CVE-2025-6894 allows a low-privileged user to execute the restricted administrative ping function for internal network reconnaissance. CVE-2025-6949 and CVE-2025-6950 are additional authorization bypass and privilege escalation issues in the affected appliances. No patches are available; the vendor has not released fixes for these products.

What this means
What could happen
An attacker with access to these Moxa appliances could bypass authentication controls to modify security settings, gain administrative privileges, and execute restricted diagnostic functions—potentially disrupting network operations or extracting sensitive configuration data that could be used to compromise downstream industrial systems.
Who's at risk
Water and electric utilities using Moxa network security appliances or industrial routers as boundary devices or network perimeter controls should prioritize this. These vulnerabilities affect anyone relying on these appliances for network segmentation or access control between IT and OT networks, or between production zones in industrial networks.
How it could be exploited
An attacker must first obtain legitimate user credentials or access to an authenticated session on the Moxa appliance's web interface or API. Once authenticated as a low-privileged user, the attacker can exploit broken access control in the API endpoints (CVE-2025-6893, CVE-2025-6894) to execute administrative functions without proper authorization, or exploit the session validation flaw (CVE-2025-6892) to escalate privileges and access protected administrative endpoints.
Prerequisites
  • Authenticated access to the Moxa appliance (valid user credentials or active session)
  • Network access to the Moxa web interface or API endpoints (typically port 443 for HTTPS)
  • Low-privilege user account (for CVE-2025-6893 and CVE-2025-6894); no privilege escalation needed for initial access

  • No vendor fix available (end-of-life or unsupported products)
  • Affects network boundary devices (potential pivot point into OT)
  • Authenticated access required, but a low-privilege user is sufficient for some exploits
  • Multiple privilege escalation paths
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product                                  Affected Versions   Fix Status
Network Security Appliances and Routers  All versions        No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Contact Moxa support and request security patches; no fixes are currently available for these products—implement compensating controls immediately
  • WORKAROUND: Restrict administrative API access (/api/v1/setting/data and other admin endpoints) using network firewall rules—allow traffic only from trusted management networks
  • WORKAROUND: Disable or restrict use of the ping API function if not required for operations; audit which users and roles actually need this capability
  • HARDENING: Enforce strong, unique passwords for all user accounts on the Moxa appliance and disable any default accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Implement network segmentation to isolate Moxa security appliances from lower-trust OT networks; restrict outbound network reconnaissance from these devices
  • HARDENING: Enable comprehensive audit logging and monitor for unusual API calls (especially to /api/v1/setting/data), privilege escalations, and administrative function usage
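Detection logic for the monitoring step above, as an added example that is not part of the advisory or of Moxa's own tooling: it parses a constructed key=value access-log layout (an assumption; the appliance's real log format is not given in the advisory) and flags every call to /api/v1/setting/data or the ping endpoint made by a non-admin role, separating denied attempts from calls that actually went through. The ping endpoint path is a placeholder, since the advisory does not name it.

```python
import re

# Endpoints the advisory says must stay administrator-only. /api/v1/setting/data
# comes from the advisory; the ping function's path is not given there, so the
# second entry is a placeholder to replace with the path seen on your appliance.
ADMIN_ENDPOINTS = {"/api/v1/setting/data", "/api/v1/PLACEHOLDER_PING_PATH"}
ADMIN_ROLES = {"admin"}

# Assumed key=value access-log layout (constructed for this example); adapt the
# regex to what your syslog/SIEM actually receives from the device.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"method=(?P<method>[A-Z]+) path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

def parse_line(line):
    """Parsed fields of one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def detect(lines):
    """Flag each call to an admin endpoint by a non-admin role.
    A 403 is an attempt worth noting; a 2xx means a low-privileged principal
    actually reached the administrative function, which is what these CVEs describe."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crashing the monitor
        path = rec["path"].split("?", 1)[0]  # ignore the query string when matching
        if path in ADMIN_ENDPOINTS and rec["role"] not in ADMIN_ROLES:
            status = int(rec["status"])
            outcome = "succeeded" if 200 <= status < 300 else "denied"
            findings.append({"ts": rec["ts"], "user": rec["user"], "role": rec["role"],
                             "path": path, "status": status, "outcome": outcome})
    return findings

# Constructed sample: a legitimate admin change, a benign call, a denied attempt,
# an attempt that went through, and one unparseable line.
SAMPLE_LOG = [
    "2025-10-17T10:00:01Z user=admin role=admin method=POST path=/api/v1/setting/data status=200",
    "2025-10-17T10:00:05Z user=operator role=user method=GET path=/api/v1/status status=200",
    "2025-10-17T10:00:09Z user=operator role=user method=POST path=/api/v1/setting/data status=403",
    "2025-10-17T10:00:12Z user=operator role=user method=POST path=/api/v1/setting/data?sync=1 status=200",
    "malformed line that the parser should skip",
]
```

Running detect(SAMPLE_LOG) yields two findings for the operator account: the denied 403 attempt and the 200 call that reached the configuration endpoint, the latter being the event to alert on.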

