Incorrect Authorization Vulnerability in Moxa Network Security Appliances
CVE-2025-6892
Key Information:
- Vendor: Moxa
- CVE Published: 17 October 2025
What is CVE-2025-6892?
CVE-2025-6892 is an Incorrect Authorization vulnerability found in Moxa's network security appliances and routers. Moxa provides solutions designed to ensure secure network communications, particularly in industrial environments. This vulnerability arises from a flaw in the API authentication mechanism, which allows unauthorized access to protected API endpoints, including those that facilitate administrative functions. The issue occurs when legitimate users are logged in, as the device fails to validate user session context and privilege boundaries properly. This inadequacy can enable an attacker to execute unauthorized privileged operations, jeopardizing the device's overall performance and reliability while threatening the organization's operational integrity.
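The following is an added example, not Moxa code and not part of the advisory: a minimal Python model of the failure class described above, where an authorization decision depends on some legitimate user being logged in rather than on the caller's own session and role. The `Gateway` class, endpoint paths and role names are hypothetical; the page does not disclose the firmware's actual mechanism.

```python
# Added illustration of the flaw class; a toy API gateway, not Moxa firmware.
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    role: str  # hypothetical role names: "viewer" or "admin"

# Hypothetical protected endpoints and the minimum role each one requires.
REQUIRED_ROLE = {"/api/config/export": "admin", "/api/status": "viewer"}
RANK = {"viewer": 1, "admin": 2}

class Gateway:
    def __init__(self):
        self.sessions = {}  # token -> Session

    def login(self, user, role):
        token = secrets.token_hex(16)
        self.sessions[token] = Session(user, role)
        return token

    def authorize_flawed(self, path, token):
        # Flawed pattern: passes whenever *any* user is logged in, ignoring
        # whose request this is and which privileges that caller holds.
        return path in REQUIRED_ROLE and len(self.sessions) > 0

    def authorize_fixed(self, path, token):
        # Bind the decision to the caller's own session and role; deny by default.
        session = self.sessions.get(token) if token else None
        required = REQUIRED_ROLE.get(path)
        if session is None or required is None:
            return False
        return RANK[session.role] >= RANK[required]

def demo():
    gw = Gateway()
    out = {"idle_flawed": gw.authorize_flawed("/api/config/export", None)}
    admin = gw.login("alice", "admin")    # constructed sample users
    viewer = gw.login("bob", "viewer")
    out["no_token_flawed"] = gw.authorize_flawed("/api/config/export", None)
    out["no_token_fixed"] = gw.authorize_fixed("/api/config/export", None)
    out["viewer_fixed"] = gw.authorize_fixed("/api/config/export", viewer)
    out["admin_fixed"] = gw.authorize_fixed("/api/config/export", admin)
    return out

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The flawed check denies while the device is idle and allows an unauthenticated request once any user has logged in, which is the condition an API regression test for this class of bug should exercise.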
Potential impact of CVE-2025-6892
- Unauthorized Access to Administrative Functions: Exploiting this vulnerability can grant potential attackers access to sensitive administrative functions without proper authorization, compromising the management and control of the network security appliances.
- Compromised Device Integrity: By performing unauthorized operations, attackers could alter configurations or deploy malicious changes, ultimately affecting the integrity and proper functioning of the network security infrastructure.
- Operational Disruptions: The exploitation of this flaw may lead to service disruptions or outages, impeding normal business operations and potentially causing cascading issues in connected network systems.
Affected Version(s)
EDF-G1002-BP Series 1.0 <= 3.17
EDR-8010 Series 1.0 <= 3.17
EDR-G9010 Series 1.0 <= 3.14