Execution with Unnecessary Privileges in Moxa Network Security Appliances and Routers
CVE-2025-6894

5.3 MEDIUM

Key Information:

Vendor: Moxa
CVE Published: 17 October 2025

What is CVE-2025-6894?

A vulnerability affecting Moxa’s network security appliances and routers allows authenticated low-privileged users to execute the administrative 'ping' function, which is typically reserved for higher-privileged roles. This flaw in API authorization logic can enable unauthorized internal network reconnaissance, exposing hosts or services that are otherwise protected. Continuous exploitation may lead to minor resource consumption, causing limited impacts on confidentiality and availability. However, it does not compromise the integrity of the device, nor does it affect any other connected systems.

Affected Version(s)

EDF-G1002-BP Series 1.0 <= 3.17

EDR-8010 Series 1.0 <= 3.17

EDR-G9010 Series 1.0 <= 3.14

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
