Use of Hard-coded Credentials in Moxa Network Security Appliances
CVE-2025-6950
Key Information:
- Vendor
Moxa
- Vendor
- CVE Published:
- 17 October 2025
What is CVE-2025-6950?
CVE-2025-6950 is a critical vulnerability found in Moxa's network security appliances and routers. These devices are designed to enhance network security by providing robust protection and management for data traffic within industrial and enterprise environments. The vulnerability arises from the use of hard-coded credentials, specifically a secret key utilized for signing JSON Web Tokens (JWT) for authentication purposes. This insecure implementation permits unauthenticated attackers to forge valid tokens. Consequently, they can bypass security measures, impersonate legitimate users, and gain unauthorized access to sensitive functionalities within the affected devices. The implications of exploiting this vulnerability are significant, as it may enable attackers to execute high-level administrative tasks and potentially compromise the system's confidentiality, integrity, and overall availability.
Potential impact of CVE-2025-6950
-
Unauthorized Access: Attackers exploiting this vulnerability can gain access to critical network resources, allowing them to manipulate settings, intercept data, or redirect legitimate traffic. This level of access can facilitate further attacks or data exfiltration.
-
System Compromise: Full administrative control over the affected devices can lead to extensive system compromise, where administrators’ functionalities might be exploited to introduce malware, disrupt operations, or manipulate industrial processes critical to business functions.
-
Data Theft: Given the potential for unauthorized access to sensitive information, attackers could steal confidential data, which could have severe ramifications for organizations, including financial losses, legal consequences, and damage to reputation.
Affected Version(s)
EDF-G1002-BP Series 1.0 <= 3.17
EDR-8010 Series 1.0 <= 3.17
EDR-G9010 Series 1.0 <= 3.14