CVE-2025-0676

Commend Injection Leading to Privilege Escalation

Description

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

Remediation

Solution:

  • Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage.

Category

8.6
CVSS
Severity: High
CVSS 4.0 •
EPSS 0.46%
Vendor Advisory moxa.com
Affected: Moxa EDF-G1002-BP Series
Affected: Moxa EDR-810 Series
Affected: Moxa EDR-8010 Series
Affected: Moxa EDR-G9004 Series
Affected: Moxa EDR-G9010 Series
Affected: Moxa OnCell G4302-LTE4 Series
Affected: Moxa TN-4900 Series
Affected: Moxa NAT-102 Series
Published at:
Updated at:

References

Link Tags
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-0676?
CVE-2025-0676 has been scored as a high severity vulnerability.
How to fix CVE-2025-0676?
To fix CVE-2025-0676: Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage.
Is CVE-2025-0676 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-0676 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0676?
CVE-2025-0676 affects Moxa EDF-G1002-BP Series, Moxa EDR-810 Series, Moxa EDR-8010 Series, Moxa EDR-G9004 Series, Moxa EDR-G9010 Series, Moxa OnCell G4302-LTE4 Series, Moxa TN-4900 Series, Moxa NAT-102 Series.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.