Unauthenticated Device Registration Vulnerability in MXsecurity Series by Moxa
CVE-2025-9315

6.3MEDIUM

Key Information:

Vendor: Moxa
Status: Mxsecurity Series
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-9315?

An unauthenticated device registration vulnerability has been discovered in Moxa's MXsecurity Series. This flaw allows a remote attacker to send a specially crafted JSON payload to the device's registration endpoint, potentially leading to unauthorized device registrations without any form of authentication. Although the exploitation does not compromise the confidentiality or availability of the device, it poses risks related to unauthorized modifications. It is crucial for users to remain aware of potential security implications and to apply recommended mitigations as outlined in Moxa's security advisory.

Affected Version(s)

MXsecurity Series 1.0 <= 2.3.0

MXsecurity Series 2.3.1

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Aug 21, 2025

Credit

Leo Lin

JSON