CVE-2025-6950
Moxa Network Security Appliances and Routers Hard-Coded Credentials JWT Forgery
Description
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
INFO
Published Date :
Oct. 17, 2025, 4:16 a.m.
Last Modified :
Oct. 21, 2025, 7:31 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 4.0 | CRITICAL | 2e0a0ee2-d866-482a-9f5e-ac03d156dbaa | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Remove hard-coded credentials.
- Implement secure JWT signing.
- Apply vendor security updates.
- Re-authenticate all users.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-6950.
| URL | Resource |
|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-6950 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-6950
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-6950 vulnerability anywhere in the article.
-
Help Net Security
Week in review: Actively exploited Windows SMB flaw, trusted OAuth apps turned into cloud backdoors
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most AI privacy research looks the wrong way Most research on LLM privacy has focused on the wrong pro ... Read more
-
Help Net Security
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s ... Read more
-
Daily CyberSecurity
Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret
Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing five critical vulnerabilities affecting multiple product series, incl ... Read more
The following table lists the changes that have been made to the
CVE-2025-6950 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Oct. 17, 2025
Action Type Old Value New Value Added Description An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-798 Added Reference https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-2025-6893,-cve-2025-6894,-cve-2025-6949,-cve-2025-6950-multiple-vulnerabilities-in-netwo