CVE-2025-0676

Published Apr 2, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0676 is a command injection vulnerability found in the tcpdump component of Moxa products. It allows an authenticated attacker with console access to inject and execute arbitrary system commands by exploiting improper input validation. Successful exploitation of this vulnerability can lead to privilege escalation, granting the attacker root shell access and persistent control over the device. This could disrupt network services and affect the availability of downstream systems that rely on the compromised device's connectivity. Moxa has released solutions for the affected products, recommending users update to the latest versions to mitigate the risks.

Description: This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.
Source: psirt@moxa.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

psirt@moxa.com: CWE-78

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 10

Overview

AI description

Risk scores

CVSS 4.0

Weaknesses

Social media

References