
CVE-2025-6894: CWE-250: Execution with Unnecessary Privileges in Moxa EDR-G9010 Series

Severity: Medium
Published: Fri Oct 17 2025 (10/17/2025, 02:25:15 UTC)
Source: CVE Database V5
Vendor/Project: Moxa
Product: EDR-G9010 Series

Description

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems.

AI-Powered Analysis

Last updated: 10/17/2025, 03:39:46 UTC

Technical Analysis

CVE-2025-6894 is an Execution with Unnecessary Privileges vulnerability (CWE-250) identified in Moxa’s EDR-G9010 Series network security appliances and routers, specifically version 1.0. The root cause is a flaw in the API authorization logic that incorrectly permits authenticated users with low privileges to invoke the administrative 'ping' function, which should be restricted to higher-privileged roles. This function allows the device to send ICMP echo requests internally, enabling an attacker to perform internal network reconnaissance by discovering hosts and services that are normally inaccessible to low-privileged users. While the vulnerability does not allow modification of device configurations or data (no integrity impact), it can lead to minor resource consumption if exploited repeatedly, potentially affecting device availability. The vulnerability requires the attacker to be authenticated on the device but does not require any additional user interaction. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required beyond authentication, and limited confidentiality and availability impacts. No known exploits have been reported in the wild, and no patches have been published as of the vulnerability disclosure date (October 17, 2025). This vulnerability is significant in environments where low-privileged users have access to device management interfaces, as it can be leveraged for internal reconnaissance to map network topology and identify potential targets for further attacks.
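The flaw described above is an authorization check that stops at "is the caller authenticated?" and never asks "is the caller's role allowed to invoke this endpoint?". The following is an added example, not Moxa's code and not derived from the affected firmware: it models that flawed pattern beside a deny-by-default, role-gated check on a hypothetical admin-only ping endpoint. The endpoint path, role names, sessions and target address are constructed for illustration.

```python
"""Role-gated authorization for an administrative API endpoint.

Added example (not Moxa's code): contrasts an endpoint that only verifies
that a session exists with one that also requires an allowed role, the
class of defect described for CVE-2025-6894. Endpoint paths, roles and
sessions are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, Mapping, Optional


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # hypothetical roles: "admin", "operator", "viewer"


# Deny-by-default permission table: an endpoint absent from this map is
# callable by nobody, and each listed endpoint names the roles allowed.
PERMISSIONS: Mapping[str, FrozenSet[str]] = {
    "/api/v1/system/ping": frozenset({"admin"}),  # hypothetical admin-only path
    "/api/v1/system/status": frozenset({"admin", "operator", "viewer"}),
}


class Forbidden(Exception):
    pass


def authorize_authenticated_only(session: Optional[Session], endpoint: str) -> bool:
    """The flawed pattern: any valid session may call any endpoint."""
    if session is None:
        raise Forbidden("not authenticated")
    return True


def authorize_by_role(session: Optional[Session], endpoint: str) -> bool:
    """Hardened pattern: the caller must be authenticated AND the endpoint
    must explicitly list the caller's role. Unknown endpoints are denied."""
    if session is None:
        raise Forbidden("not authenticated")
    allowed = PERMISSIONS.get(endpoint, frozenset())
    if session.role not in allowed:
        raise Forbidden(f"role {session.role!r} may not call {endpoint}")
    return True


def handle_ping(session: Optional[Session], target: str, authorize) -> dict:
    """Dispatch a ping request through the given authorization policy.
    Returns the decision as a dict; it never actually sends ICMP."""
    endpoint = "/api/v1/system/ping"
    try:
        authorize(session, endpoint)
    except Forbidden as exc:
        return {"status": 403, "reason": str(exc), "target": target}
    # On a real device the privileged action would run here.
    return {"status": 200, "reason": "authorized", "target": target}


def demo() -> dict:
    """Run both policies against constructed sessions and return the HTTP
    status each decision would produce."""
    viewer = Session(user="alice", role="viewer")  # constructed low-privileged user
    admin = Session(user="root", role="admin")     # constructed administrator
    target = "192.0.2.7"                           # documentation address, constructed
    return {
        "flawed_viewer": handle_ping(viewer, target, authorize_authenticated_only)["status"],
        "fixed_viewer": handle_ping(viewer, target, authorize_by_role)["status"],
        "fixed_admin": handle_ping(admin, target, authorize_by_role)["status"],
        "fixed_anon": handle_ping(None, target, authorize_by_role)["status"],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The design point is that the permission table is consulted by the dispatcher, not by each handler: a handler author cannot forget the role check, and an endpoint that was never added to the table is unreachable rather than open to every authenticated session.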

Potential Impact

For European organizations, the primary impact of CVE-2025-6894 lies in the potential exposure of internal network topology and services through unauthorized internal reconnaissance. This can aid attackers in planning subsequent attacks such as lateral movement, targeted exploits, or denial-of-service attacks. Although the vulnerability does not directly compromise device integrity or critical availability, the minor resource consumption from repeated exploitation could degrade device performance in sensitive network environments. Confidentiality loss is limited but relevant in sectors where internal network information is sensitive, such as critical infrastructure, manufacturing, or government networks. Organizations relying on Moxa EDR-G9010 devices for network security may face increased risk if low-privileged users or compromised accounts exist. The requirement for authentication limits exposure to insider threats or attackers who have gained initial access, but once inside, the vulnerability facilitates further network reconnaissance. This could be particularly impactful in segmented or sensitive networks common in European industrial and enterprise environments.

Mitigation Recommendations

1. Restrict access to the management interfaces of Moxa EDR-G9010 devices strictly to trusted, high-privileged users, and keep low-privileged accounts to the minimum necessary.
2. Implement strong authentication mechanisms, such as multi-factor authentication, to reduce the risk of unauthorized access through low-privileged accounts.
3. Monitor and audit usage of the ping function and other administrative API calls to detect anomalous or unauthorized activity indicative of reconnaissance attempts.
4. Enforce network segmentation to limit the scope of internal reconnaissance even if the vulnerability is exploited.
5. Apply strict role-based access controls (RBAC) and review user privileges regularly to ensure no unnecessary permissions are granted.
6. Since no patch is currently available, consider deploying compensating controls such as firewall rules that restrict ICMP traffic originating from the device or from low-privileged user sessions.
7. Stay updated with Moxa’s advisories for any forthcoming patches or firmware updates addressing this vulnerability, and plan prompt deployment once available.
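Recommendation 3 asks operators to audit administrative API usage. The script below is an added example, not part of the advisory and not a Moxa tool: it scans constructed audit-log lines for calls to an admin-only ping endpoint made by non-admin roles, flags each such call that succeeded (a sign the authorization check is not enforcing the role restriction), and separately flags a burst of such calls from one user inside a short window, which is the repeated-use pattern the advisory associates with resource consumption. The log format, field names, endpoint path, roles, user names, addresses and thresholds are all assumptions.

```python
"""Audit-log check for administrative API calls by low-privileged roles.

Added example (not from Moxa or the advisory): the log line format,
endpoint path, role names and thresholds below are assumptions; a real
device's audit log will differ and the regex must be adapted to it.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed key=value audit format; one request per line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"user=(?P<user>\S+) role=(?P<role>\S+) src=(?P<src>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

ADMIN_ONLY_PATHS = {"/api/v1/system/ping"}   # hypothetical admin-only endpoint
PRIVILEGED_ROLES = {"admin"}                  # roles entitled to call it
BURST_THRESHOLD = 5                           # calls per window that count as a burst
BURST_WINDOW = timedelta(minutes=1)

# Constructed sample: one legitimate admin call, a viewer whose ping calls
# succeed repeatedly, an operator whose call is correctly denied, and a
# malformed line that the parser must skip.
SAMPLE_LOG = """\
2025-10-17T02:30:01Z user=root role=admin src=192.0.2.10 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:31:05Z user=alice role=viewer src=192.0.2.20 method=GET path=/api/v1/system/status status=200
2025-10-17T02:31:09Z user=alice role=viewer src=192.0.2.20 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:31:12Z user=alice role=viewer src=192.0.2.20 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:31:15Z user=alice role=viewer src=192.0.2.20 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:31:18Z user=alice role=viewer src=192.0.2.20 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:31:21Z user=alice role=viewer src=192.0.2.20 method=POST path=/api/v1/system/ping status=200
2025-10-17T02:40:00Z user=bob role=operator src=192.0.2.30 method=POST path=/api/v1/system/ping status=403
this line is deliberately malformed and must be ignored
"""


def parse_audit_lines(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rec["status"] = int(rec["status"])
        yield rec


def find_privilege_misuse(lines):
    """Return alerts for admin-only calls made by non-privileged roles."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of admin-only calls in window
    for rec in parse_audit_lines(lines):
        if rec["path"] not in ADMIN_ONLY_PATHS or rec["role"] in PRIVILEGED_ROLES:
            continue
        base = {"user": rec["user"], "role": rec["role"],
                "src": rec["src"], "ts": rec["ts"].isoformat()}
        # A 200 means the device let the low-privileged role run the admin action.
        if rec["status"] == 200:
            alerts.append({"kind": "unauthorized_success", "path": rec["path"], **base})
        # Count every attempt (denied or not) toward the per-user burst window.
        q = recent[rec["user"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > BURST_WINDOW:
            q.popleft()
        if len(q) == BURST_THRESHOLD:  # fire once, when the threshold is first reached
            alerts.append({"kind": "burst", "count": len(q), **base})
    return alerts


def summarize(lines):
    """Count alerts by kind, for a quick dashboard or test assertion."""
    counts = defaultdict(int)
    for alert in find_privilege_misuse(lines):
        counts[alert["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in find_privilege_misuse(SAMPLE_LOG.splitlines()):
        print(alert)
    print(summarize(SAMPLE_LOG.splitlines()))
```

Denied attempts are deliberately included in the burst count: after a fix is deployed, repeated 403s from one low-privileged account are still worth an analyst's attention, while the `unauthorized_success` alert should disappear entirely.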


Technical Details

Data Version: 5.1
Assigner Short Name: Moxa
Date Reserved: 2025-06-28T15:51:38.895Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68f1ba682c5d344c54e5d94a

Added to database: 10/17/2025, 3:39:20 AM

Last enriched: 10/17/2025, 3:39:46 AM

Last updated: 10/19/2025, 6:29:56 AM
