CVE-2025-0415

Critical CVSS: 9.2

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

Vendor

Product

CWE

CWE-78

Yayın Tarihi

2025-04-02 07:15:41

Güncelleme

2025-04-02 14:58:07

Source Identifier

psirt@moxa.com

KEV Date Added

Kategoriler

CWE-78 CRITICAL 2025

Referanslar

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)