CVE-2025-15017_CVE-2025-15017

7 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Basic Information

ID CVE-2025-15017

Source Moxa

Published Dec 31, 2025 at 07:44

Affected Product

Vendor Moxa

Product NPort 5000AI-M12 Series

Version 1.0

Affected Versions Moxa NPort 5000AI-M12 Series 1.0
Moxa NPort 5100 Series 1.0
Moxa NPort 5100A Series 1.0
Moxa NPort 5200 Series 1.0
Moxa NPort 5200A Series 1.0
Moxa NPort 5400 Series 1.0
Moxa NPort 5600 Series 1.0
Moxa NPort 5600-DT Series 1.0
Moxa NPort IA5000 Series 1.0
Moxa NPort IA5000A Series 1.0
Moxa NPort IA5000-G2 Series 1.0

CWE Classification

CWE-489

References

www.moxa.com /en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers

{
    "lastseen": "",
    "description": "A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.",
    "published": "2025-12-31T07:44:24.344Z",
    "modified": "2025-12-31T07:44:24.344Z",
    "type": "cve",
    "title": "CVE-2025-15017",
    "source": "Moxa",
    "references": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers",
    "id": "CVE-2025-15017",
    "bulletinFamily": "",
    "cwe": [
        "CWE-489"
    ],
    "cvelist": null,
    "sourceData": "Moxa NPort 5000AI-M12 Series 1.0\nMoxa NPort 5100 Series 1.0\nMoxa NPort 5100A Series 1.0\nMoxa NPort 5200 Series 1.0\nMoxa NPort 5200A Series 1.0\nMoxa NPort 5400 Series 1.0\nMoxa NPort 5600 Series 1.0\nMoxa NPort 5600-DT Series 1.0\nMoxa NPort IA5000 Series 1.0\nMoxa NPort IA5000A Series 1.0\nMoxa NPort IA5000-G2 Series 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NPort 5000AI-M12 Series",
    "version": "1.0",
    "vendor": "Moxa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}