Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise.

There’s no mention of these flaws being exploited in the wild, but due to their severity, the company has advised customers to apply the latest firmware updates immediately.

CVE-2025-6950 et al.

Moxa is a Taiwanese company that specializes in industrial communications, networking, and edge connectivity for operational technology (OT) environments.

The list of fixed vulnerabilities includes:

CVE-2025-6950, stemming from the use of a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication.

“This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device,” Moxa explained.

CVE-2025-6950 can be exploited remotely by unauthenticated attackers, and so can CVE-2025-6892, “a flaw in the API authentication mechanism [that] allows unauthorized access to protected API endpoints, including those intended for administrative functions.”

CVE-2025-6893, CVE-2025-6949, and CVE-2025-6894 are privilege escalation vulnerabilities that could allow authenticated users with low privileges to call a specific API (to execute privileged operations), execute the administrative “ping” function (for internal network reconnaissance), and create a new administrator account (to achieve admin control over the affected device), respectively.
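The class of flaw behind CVE-2025-6950, as an added example (not Moxa's code, and not from the advisory): HS256 tokens verified with a constant that ships in every firmware image are trusted by every device running that image, while a key generated on each device at first boot confines that trust to the one device. `FIRMWARE_WIDE_SECRET`, the function names, and the claims are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed placeholder, not a real key: stands for any constant baked into a firmware image.
FIRMWARE_WIDE_SECRET = b"constant-shipped-in-every-image"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT: base64url(header).base64url(claims).base64url(HMAC)."""
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(mac)}"

def verify_jwt(token: str, key: bytes, now=None):
    """Return the claims if the token is valid under `key`, otherwise None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never let the header choose it
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
        current = time.time() if now is None else now
        return claims if claims["exp"] > current else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token, bad encoding, or missing/invalid exp

def provision_device_key() -> bytes:
    """Hardened variant: 256-bit key generated on the device at first boot (storage not shown)."""
    return secrets.token_bytes(32)

def cross_device_acceptance() -> dict:
    """Does a token issued on device A pass verification on device B?"""
    claims = {"sub": "admin", "exp": time.time() + 300}
    key_a, key_b = provision_device_key(), provision_device_key()
    return {
        "firmware_wide_key": verify_jwt(sign_jwt(claims, FIRMWARE_WIDE_SECRET),
                                        FIRMWARE_WIDE_SECRET) is not None,
        "per_device_key": verify_jwt(sign_jwt(claims, key_a), key_b) is not None,
    }

if __name__ == "__main__":
    print(cross_device_acceptance())
```

With a shared constant, the signing key is effectively public to anyone holding the firmware image, so the signature no longer proves that the device itself issued the token.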

The vulnerabilities affect the firmware running on Moxa's:

  • EDR Series of industrial secure routers/firewalls: EDR-G9010, EDR-8010, and EDF-G1002-BP
  • Industrial Ethernet switches: TN-4900 Series
  • Industrial NAT devices: NAT-102 and NAT-108
  • Industrial cellular gateways/routers: OnCell G4302-LTE4 Series

All devices should be upgraded to v3.21 or later.

Aside from regularly updating firmware and software, Moxa also advises customers to:

  • Restrict network access to devices
  • Minimize their exposure to attack (by not exposing them on the internet and disabling unused ports/services)
  • Strengthen device authentication (with multi-factor authentication) and access control (by enforcing least-privilege access)
  • Implement secure remote access (VPN, SSH, etc.)
  • Implement logging, monitoring, and anomaly detection
  • Conduct regular security assessments

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.