Execution with Unnecessary Privileges in NPort 6100-G2/6200-G2 Series by Moxa
CVE-2025-1977

7.7HIGH

Key Information:

Vendor: Moxa
Status: Nport 6100-g2/6200-g2 Series
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-1977?

The NPort 6100-G2/6200-G2 Series is susceptible to a vulnerability that enables an authenticated user with read-only access to make unauthorized configuration changes via the MCC (Moxa CLI Configuration) tool. This issue can be exploited remotely, requiring low complexity without direct user interaction, provided certain system conditions exist. Exploitation may permit unintended modifications to device settings, posing risks to the device's confidentiality, integrity, and availability. No effects have been reported on other systems.

Affected Version(s)

NPort 6100-G2/6200-G2 Series 1.0.0

NPort 6100-G2/6200-G2 Series 1.1.0

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Mar 5, 2025

Credit

Paxon SP Lin

JSON