Moxa CVE-2026-10825: Improper Validation of Input Vulnerability in Serial Device Servers

Monitor | CVSS 7.1 | MPSA-268270 | Jun 16, 2026
Moxa
Summary

CVE-2026-10825 is a denial-of-service vulnerability in the WebSocket API of Moxa Serial Device Servers caused by improper validation of JSON input. An authenticated attacker can send a specially crafted JSON request through the WebSocket API that causes the device to become unresponsive or reboot unexpectedly, disrupting serial communications. The vulnerability requires low-privilege authenticated access to the WebSocket API endpoint.

What this means
What could happen
An authenticated attacker can send a malicious JSON request to the WebSocket API on your serial device server, causing the device to become unavailable or reboot unexpectedly, disrupting communications from legacy serial equipment to your network.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Moxa Serial Device Servers to bridge legacy serial equipment (flow meters, pressure sensors, SCADA devices, RTUs) to modern networks should apply mitigations immediately, as unexpected reboots can disrupt process monitoring and control.
How it could be exploited
An attacker with valid credentials on your network accesses the WebSocket API (typically port 80 or 443) and sends a specially crafted JSON payload that the server fails to validate properly. This causes a denial of service condition or unexpected reboot of the serial device server.
Prerequisites
  • Valid authentication credentials (low-privilege account or API key)
  • Network access to the WebSocket API endpoint (typically port 80 or 443)
  • Knowledge of the WebSocket API message format or the ability to fuzz JSON inputs
Risk factors
  • Remotely exploitable
  • Requires valid credentials (low-privilege)
  • Low attack complexity
  • No patch available (end-of-life product)
  • Affects operational availability
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
Serial Device Servers | All versions | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to the WebSocket API ports (typically 80 and 443) to only authorized engineering workstations and management networks using firewall rules
  • WORKAROUND: Disable the WebSocket API if not required for operations and use alternative management methods (e.g., direct serial connections or SNMP)
  • HARDENING: Enforce strong authentication for API access and disable any default or shared credentials
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor serial device server logs for unusual JSON requests or API errors that may indicate exploitation attempts
Long-term hardening
  • HARDENING: Segment serial device servers onto a separate management network isolated from general IT traffic and untrusted systems
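
To check that the network-restriction workaround is actually in force, the following added example (not part of the vendor advisory or of this page's original content) audits firewall connection logs for traffic to the device's web/WebSocket ports from hosts outside the authorized management networks. The log format, the addresses (documentation ranges) and all names in it are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for illustration (not from the advisory): documentation-range
# addresses and a hypothetical firewall log format
# "timestamp src_ip dst_ip dst_port action".
SERIAL_SERVERS = {ipaddress.ip_address("192.0.2.50")}
MGMT_NETWORKS = [ipaddress.ip_network("198.51.100.0/28")]
API_PORTS = {80, 443}  # ports the advisory names as typical for the WebSocket API

# Constructed sample records, including one unparseable line.
SAMPLE_LOG = """\
2026-06-17T08:00:01Z 198.51.100.5 192.0.2.50 443 ALLOW
2026-06-17T08:02:13Z 203.0.113.77 192.0.2.50 80 ALLOW
2026-06-17T08:02:14Z 203.0.113.77 192.0.2.50 80 ALLOW
2026-06-17T08:05:40Z 203.0.113.77 192.0.2.50 4001 ALLOW
2026-06-17T08:07:02Z 198.51.100.40 192.0.2.50 443 DENY
malformed line
"""


def audit_api_access(log_text):
    """Classify connections to the API ports from outside the management networks.

    Returns (gaps, blocked, skipped): allowed connections the firewall should
    have stopped, attempts it did stop, and the number of unparseable lines.
    """
    gaps, blocked, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        try:
            _, src, dst, port, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if dst not in SERIAL_SERVERS or port not in API_PORTS:
            continue  # not traffic to the serial device server's API ports
        if any(src in net for net in MGMT_NETWORKS):
            continue  # authorized engineering workstation
        bucket = gaps if action == "ALLOW" else blocked
        bucket[(str(src), str(dst), port)] += 1
    return gaps, blocked, skipped


if __name__ == "__main__":
    gaps, blocked, skipped = audit_api_access(SAMPLE_LOG)
    for (src, dst, port), n in gaps.items():
        print(f"RULE GAP: {src} -> {dst}:{port} allowed {n}x")
    for (src, dst, port), n in blocked.items():
        print(f"blocked attempt: {src} -> {dst}:{port} {n}x")
    print(f"unparseable lines: {skipped}")
```

Any entry reported as a rule gap means a host outside the management networks reached the API ports and the firewall rule set needs tightening; blocked attempts are worth correlating with the device's own logs.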