
CVE-2025-6949: CWE-250: Execution with Unnecessary Privileges in Moxa EDR-G9010 Series

Severity: Critical
Tags: Vulnerability, CVE-2025-6949, CWE-250
Published: Fri Oct 17 2025 (10/17/2025, 03:12:02 UTC)
Source: CVE Database V5
Vendor/Project: Moxa
Product: EDR-G9010 Series

Description

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.

AI-Powered Analysis

Last updated: 10/17/2025, 03:33:14 UTC

Technical Analysis

CVE-2025-6949 identifies a critical security flaw in the Moxa EDR-G9010 Series network security appliances and routers, specifically version 1.0. The vulnerability is categorized under CWE-250, indicating execution with unnecessary privileges. The root cause is an authorization flaw in the device's API that allows an authenticated user with low privileges to create new administrator accounts. Notably, attackers can create accounts with usernames identical to existing users, facilitating account impersonation. This bypasses intended privilege restrictions, enabling attackers to escalate privileges to full administrative control over the device. The vulnerability requires no user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L), and no additional authentication beyond low-privileged user access (PR:L). The impact on confidentiality, integrity, and availability of the device itself is high, as attackers can manipulate configurations, disrupt operations, or lock out legitimate administrators. However, the vulnerability does not extend to compromising confidentiality or integrity of connected downstream systems. The CVSS v4.0 score of 9.3 reflects the critical nature of this flaw. No public exploits have been reported yet, but the potential for severe disruption in critical network infrastructure is significant. The vulnerability was reserved in July 2025 and published in October 2025, with no patches currently available, highlighting the urgency for vendor remediation and interim mitigations.

Potential Impact

For European organizations, the impact of CVE-2025-6949 is substantial, particularly for those relying on Moxa EDR-G9010 Series devices in critical infrastructure, industrial control systems, or enterprise network security. Full administrative compromise of these devices can lead to unauthorized configuration changes, disabling of security controls, and potential network outages, affecting operational continuity. Confidentiality and integrity of the device's management data are at high risk, potentially enabling attackers to impersonate legitimate administrators and evade detection. Although the vulnerability does not directly compromise downstream systems, the affected devices often serve as security gateways or routers; their compromise can indirectly expose connected networks to further attacks or disruptions. European sectors such as energy, manufacturing, transportation, and telecommunications, which commonly deploy Moxa devices, could face operational and reputational damage. The lack of patches increases the window of exposure, emphasizing the need for immediate risk management. Additionally, regulatory compliance frameworks in Europe, including NIS2 and GDPR, may impose reporting and remediation obligations if this vulnerability leads to security incidents.

Mitigation Recommendations

1. Immediately restrict access to the management interfaces of Moxa EDR-G9010 devices to trusted administrative networks only, using network segmentation and firewall rules.
2. Enforce strong authentication and monitoring for all user accounts, especially those with administrative privileges, to detect unauthorized account creations or privilege escalations.
3. Implement strict role-based access controls (RBAC) and audit logs to track changes in user accounts and configurations.
4. Temporarily disable or limit API access if possible, or apply compensating controls such as network-level access restrictions to the API endpoints.
5. Monitor device logs and network traffic for anomalous activities indicative of exploitation attempts, such as creation of duplicate usernames or unexpected administrative account additions.
6. Engage with Moxa for timely updates and patches; prioritize patch deployment once available.
7. Conduct internal vulnerability assessments and penetration tests focusing on these devices to identify potential exploitation paths.
8. Educate network administrators about this vulnerability and the importance of vigilant account management.
9. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability.
10. Maintain an incident response plan tailored to potential compromise scenarios involving network security appliances.
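Recommendation 5 above can be turned into a concrete audit-log check. The following is an added example, not code from the advisory or from Moxa: it scans constructed, generic JSON audit records (field names ts, actor, actor_role, action, target and target_role are an assumed schema, not Moxa's real log format) against a constructed account inventory and flags the two signals this CVE produces, an account created by a non-admin actor and a new username that collides with an existing account; administrator accounts created by an admin are reported at a lower "review" severity for reconciliation against change records.

```python
import json

# Constructed sample audit records (not real Moxa log output); the field names
# ts / actor / actor_role / action / target / target_role are an assumed schema.
SAMPLE_LOG = """
{"ts": "2025-10-17T03:10:00Z", "actor": "admin", "actor_role": "admin", "action": "account.create", "target": "operator2", "target_role": "user"}
{"ts": "2025-10-17T03:11:00Z", "actor": "operator1", "actor_role": "user", "action": "account.create", "target": "admin", "target_role": "admin"}
{"ts": "2025-10-17T03:12:00Z", "actor": "operator1", "actor_role": "user", "action": "config.read", "target": "network", "target_role": ""}
{"ts": "2025-10-17T03:13:00Z", "actor": "admin", "actor_role": "admin", "action": "account.create", "target": "backup_admin", "target_role": "admin"}
"""

# Constructed account inventory captured before the log window: username -> role.
EXISTING_ACCOUNTS = {"admin": "admin", "operator1": "user"}


def parse_log(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_suspicious_creations(events, existing):
    """Flag account.create events that match the CVE-2025-6949 pattern.

    'high'   : a non-admin actor created an account, or the new username
               collides with an account that already exists (impersonation).
    'review' : an admin created another admin; verify against change records.
    """
    known = dict(existing)  # grows as creations are seen, so duplicates within the log are caught too
    alerts = []
    for ev in events:
        if ev.get("action") != "account.create":
            continue
        reasons = []
        if ev.get("actor_role") != "admin":
            reasons.append("non-admin actor created an account")
        if ev.get("target") in known:
            reasons.append("username collides with existing account %r" % ev["target"])
        severity = "high" if reasons else None
        if severity is None and ev.get("target_role") == "admin":
            reasons.append("new administrator account; confirm it was authorised")
            severity = "review"
        if severity:
            alerts.append({"ts": ev["ts"], "actor": ev["actor"], "target": ev["target"],
                           "severity": severity, "reasons": reasons})
        known.setdefault(ev["target"], ev.get("target_role"))
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_creations(parse_log(SAMPLE_LOG), EXISTING_ACCOUNTS):
        print(a["severity"].upper(), a["ts"], a["actor"], "->", a["target"], "|", "; ".join(a["reasons"]))
```

On the sample records this reports the low-privileged "operator1" creating a second "admin" account as high severity and the admin-created "backup_admin" for review, while the ordinary user creation and the config read produce nothing.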


Technical Details

Data Version: 5.1
Assigner Short Name: Moxa
Date Reserved: 2025-07-01T05:10:25.849Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68f1b8039f8a5dbaea8c0703

Added to database: 10/17/2025, 3:29:07 AM

Last enriched: 10/17/2025, 3:33:14 AM

Last updated: 10/19/2025, 10:51:36 AM

