CVE-2025-1679

Summary

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

Affected Software

VendorProductVersion RangeStatus
MoxaTN-4500A Series1.0 <= 3.13affected
MoxaTN-4500A Series4.0unaffected
MoxaTN-5500A Series1.0 <= 3.13affected
MoxaTN-5500A Series4.0unaffected
MoxaTN-G4500 Series1.0 <= 5.5affected
MoxaTN-G4500 Series5.5.255unaffected
MoxaTN-G6500 Series1.0 <= 5.5affected
MoxaTN-G6500 Series5.5.255unaffected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References