CVE-2025-6892: CWE-863: Incorrect Authorization in Moxa EDR-G9010 Series

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-6892, cwe-863
Published: Fri Oct 17 2025 (10/17/2025, 02:07:25 UTC)
Source: CVE Database V5
Vendor/Project: Moxa
Product: EDR-G9010 Series

Description

An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.

AI-Powered Analysis

Last updated: 10/17/2025, 03:39:58 UTC

Technical Analysis

CVE-2025-6892 is an Incorrect Authorization vulnerability (CWE-863) identified in Moxa’s EDR-G9010 Series network security appliances and routers, specifically version 1.0. The vulnerability stems from a flaw in the API authentication mechanism where the system fails to properly validate the session context and privilege boundaries after a legitimate user logs in. This means that once a user has authenticated, an attacker can exploit the improper authorization checks to access protected API endpoints that are intended only for administrative or privileged functions. The flaw allows unauthorized privileged operations on the device itself, potentially compromising its confidentiality, integrity, and availability. However, the vulnerability does not allow direct compromise of subsequent connected systems beyond the device. The CVSS 4.0 base score is 8.7 (high severity), reflecting network attack vector, low attack complexity, partial authentication required, user interaction needed, and high impact on confidentiality, integrity, and availability of the device. No patches or exploits are currently publicly available; the CVE was reserved in mid-2025 and has since been published. The issue highlights a critical failure in session and privilege management within the API layer of these devices, which are commonly deployed in industrial and network security environments.

Potential Impact

For European organizations, especially those in critical infrastructure, manufacturing, energy, and telecommunications sectors, this vulnerability poses a significant risk. The EDR-G9010 Series devices are often deployed as security gateways or routers in industrial control systems and enterprise networks. Successful exploitation could allow attackers to gain unauthorized administrative control over these devices, leading to potential disruption of network traffic, manipulation or disabling of security functions, and denial of service conditions. The compromise of device integrity and availability could result in operational downtime, safety hazards, and loss of trust in network security. Although the vulnerability does not directly affect downstream systems’ confidentiality or integrity, the device’s critical role means its compromise could indirectly facilitate further attacks or network segmentation failures. European organizations with stringent regulatory requirements for network security and operational continuity could face compliance and reputational consequences if exploited.

Mitigation Recommendations

1. Implement strict session management and enforce robust validation of session context and privilege boundaries within the API layer.
2. Deploy network segmentation to isolate Moxa EDR-G9010 devices from less trusted network zones, limiting exposure.
3. Monitor API usage logs for anomalous or unauthorized access patterns, especially post-authentication.
4. Restrict user interaction paths that can trigger privileged API calls, applying the principle of least privilege.
5. Coordinate with Moxa for timely firmware updates or patches addressing this vulnerability once available.
6. Employ multi-factor authentication for all users accessing the device to reduce risk of unauthorized login.
7. Conduct regular security audits and penetration testing focusing on API authorization controls.
8. If possible, temporarily disable or restrict access to vulnerable API endpoints until a patch is applied.
9. Educate administrators and users about the risk of session hijacking or misuse following legitimate login.
10. Integrate device monitoring into centralized security information and event management (SIEM) systems for real-time alerting.
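
Recommendation 3 (monitoring post-authentication API usage) as an added example, not code from Moxa or from this page: it correlates the role recorded at login with later calls to administrative endpoints and flags calls made from a non-admin or unknown session. The log format, the `/api/admin/` prefix and the role names are assumptions, and the sample log lines are constructed.

```python
import re

# Constructed sample log in a hypothetical format; the EDR-G9010's real log
# format and API paths are not given on this page.
SAMPLE_LOG = """\
2025-10-17T02:10:01Z LOGIN session=a1 user=alice role=admin src=10.0.0.5
2025-10-17T02:10:09Z LOGIN session=b2 user=bob role=viewer src=10.0.0.9
2025-10-17T02:11:30Z API session=a1 method=POST path=/api/admin/firewall status=200
2025-10-17T02:12:02Z API session=b2 method=GET path=/api/status status=200
2025-10-17T02:12:40Z API session=b2 method=POST path=/api/admin/users status=403
2025-10-17T02:12:55Z API session=b2 method=POST path=/api/admin/config status=200
2025-10-17T02:13:10Z API session=zz method=GET path=/api/admin/config status=200
"""

ADMIN_PREFIXES = ("/api/admin/",)  # assumption: replace with the real admin routes
PRIVILEGED_ROLES = {"admin"}       # assumption: roles allowed on admin routes
FIELD = re.compile(r"(\w+)=(\S+)")

def find_privilege_violations(log_text):
    """Return findings for admin-endpoint calls made outside an admin session."""
    roles = {}      # session id -> role recorded at login
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, kind, rest = parts
        f = dict(FIELD.findall(rest))
        if kind == "LOGIN" and "session" in f:
            roles[f["session"]] = f.get("role", "unknown")
        elif kind == "API" and f.get("path", "").startswith(ADMIN_PREFIXES):
            role = roles.get(f.get("session"), "no-login-seen")
            if role in PRIVILEGED_ROLES:
                continue
            served = f.get("status", "").startswith("2")
            findings.append({
                "time": ts, "session": f.get("session"), "role": role,
                "path": f["path"],
                # 2xx means the device served the call: an authorization failure.
                "severity": "critical" if served else "attempt",
            })
    return findings

if __name__ == "__main__":
    for finding in find_privilege_violations(SAMPLE_LOG):
        print(finding)
```

A `critical` finding means a privileged call succeeded without an admin session; an `attempt` finding means the call was refused but is still worth alerting on.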


Technical Details

Data Version: 5.1
Assigner Short Name: Moxa
Date Reserved: 2025-06-28T15:51:35.946Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68f1ba682c5d344c54e5d94d

Added to database: 10/17/2025, 3:39:20 AM

Last enriched: 10/17/2025, 3:39:58 AM

Last updated: 10/19/2025, 9:50:39 AM
