Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-15017

Summary
Assigner-Moxa
Assigner Org ID-2e0a0ee2-d866-482a-9f5e-ac03d156dbaa
Published At-31 Dec, 2025 | 07:44
Updated At-31 Dec, 2025 | 16:06
Rejected At-
Credits

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Moxa
Assigner Org ID:2e0a0ee2-d866-482a-9f5e-ac03d156dbaa
Published At:31 Dec, 2025 | 07:44
Updated At:31 Dec, 2025 | 16:06
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Affected Products
Vendor
Moxa Inc.Moxa
Product
NPort 5000AI-M12 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5100 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5100A Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5200 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5200A Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5400 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5600 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort 5600-DT Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort IA5000 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort IA5000A Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Vendor
Moxa Inc.Moxa
Product
NPort IA5000-G2 Series
Default Status
affected
Versions
Affected
  • 1.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-489CWE-489: Active Debug Code
Type: CWE
CWE ID: CWE-489
Description: CWE-489: Active Debug Code
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-121CAPEC-121: Exploit Non-Production Interfaces
CAPEC ID: CAPEC-121
Description: CAPEC-121: Exploit Non-Production Interfaces
Solutions
Configurations
Workarounds

* For the NPort 5000 Series, make sure that the physical protection of the NPort devices and/or the system meets the security needs of your application. By limiting physical access to authorized personnel, you significantly reduce the risk of local cyberattacks. Please refer to The Security Hardening Guide for NPort 5000 Series (v2.4 or later) https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series#resources  for more information.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers
vendor-advisory
Hyperlink: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@moxa.com
Published At:31 Dec, 2025 | 08:15
Updated At:31 Dec, 2025 | 20:42

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.0HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-489Secondarypsirt@moxa.com
CWE ID: CWE-489
Type: Secondary
Source: psirt@moxa.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-serverspsirt@moxa.com
N/A
Hyperlink: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers
Source: psirt@moxa.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2026-0715
Matching Score-8
Assigner-Moxa Inc.
ShareView Details
Matching Score-8
Assigner-Moxa Inc.
CVSS Score-7||HIGH
EPSS-0.03% / 6.14%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 17:01
Updated-05 Feb, 2026 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

Action-Not Available
Vendor-Moxa Inc.
Product-UC-1200A Series
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-0714
Matching Score-8
Assigner-Moxa Inc.
ShareView Details
Matching Score-8
Assigner-Moxa Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 0.32%
||
7 Day CHG-0.00%
Published-05 Feb, 2026 | 16:58
Updated-18 Feb, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

Action-Not Available
Vendor-Moxa Inc.
Product-v2406c-kl7-ct-t_firmwarev2406c-wl7-t_firmwareuc-3434a-t-lte-wifi_firmwareuc-4414a-i-t_firmwarev2406c-wl7-tv2406c-kl5-tuc-4454a-t-5g_firmwareuc-2222a-tuc-4430a-tuc-1222auc-4450a-t-5guc-8220-t-lx-ap-s_firmwareuc-4430a-t_firmwareuc-4410a-t_firmwarev2406c-kl5-t_firmwarev2406c-wl7-ct-tuc-3434a-t-lte-wifiuc-3430a-t-lte-wifiuc-2222a-t_firmwareuc-4450a-t-5g_firmwarev2406c-kl3-t_firmwarev1222-w-ct-t_firmwarev2406c-kl1-tv2406c-wl7-ct-t_firmwareuc-8220-t-lx_firmwarev2406c-kl7-tv1202-ct-tv2406c-kl1-t_firmwareuc-4410a-tv2406c-wl1-tuc-2222a-t-eu_firmwareuc-8220-t-lxuc-2222a-t-us_firmwareuc-8220-t-lx-us-sv2406c-wl5-t_firmwarev1222-ct-tuc-8220-t-lx-eu-s_firmwareuc-3424a-t-lte_firmwarev2406c-kl7-t_firmwareuc-8220-t-lx-us-s_firmwarev2406c-kl7-ct-tuc-4434a-i-t_firmwareuc-2222a-t-usuc-2222a-t-apuc-3430a-t-lte-wifi_firmwarev2406c-kl1-ct-tv2406c-wl3-t_firmwareuc-3420a-t-lteuc-3420a-t-lte_firmwarev2406c-wl1-ct-tuc-2222a-t-ap_firmwareuc-4434a-i-tuc-8220-t-lx-eu-suc-8210-t-lx-s_firmwarev2406c-kl1-ct-t_firmwareuc-2222a-t-euuc-3424a-t-ltev2406c-wl1-t_firmwareuc-4454a-t-5guc-8210-t-lx-suc-1222a_firmwarev2406c-wl1-ct-t_firmwareuc-8220-t-lx-ap-suc-4414a-i-tv2406c-wl3-tv1222-ct-t_firmwarev1222-w-ct-tv2406c-wl5-tv1202-ct-t_firmwarev2406c-kl3-tUC-1200A Series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-4227
Matching Score-6
Assigner-Moxa Inc.
ShareView Details
Matching Score-6
Assigner-Moxa Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 05:07
Updated-28 Oct, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ioLogik 4000 Series: Existence of an Unauthorized Service

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.

Action-Not Available
Vendor-Moxa Inc.
Product-iologik_e4200_firmwareiologik_e4200ioLogik 4000 Seriesiologik_4000_series
CWE ID-CWE-489
Active Debug Code
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-2919
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7||HIGH
EPSS-0.08% / 23.14%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 17:31
Updated-17 Apr, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netis WF-2404 UART hardware allows activation of test or debug logic at runtime

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Netis Systems Co., Ltd.
Product-netis_wf-2404netis_wf-2404_firmwareWF-2404
CWE ID-CWE-1313
Hardware Allows Activation of Test or Debug Logic at Runtime
CWE ID-CWE-489
Active Debug Code
CVE-2024-53648
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.08% / 22.71%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-11 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions < V9.90), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V10.0), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.90), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.90), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.90), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.90), SIPROTEC 5 7SK82 (CP100) (All versions < V8.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.90), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.90), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.90), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.90), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.90), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions < V9.90), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.90). Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SA87 (CP200)
CWE ID-CWE-489
Active Debug Code
Details not found