CVE-2025-1679 Moxa — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.8 (MEDIUM)
Affected Versions	1.0 — 5.5
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Moxa
Public PoC	No

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

High

Admin privileges needed

User Interaction

Passive

Minimal interaction

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 8

Configuration	From (including)	Up to (excluding)
Moxa Tn-4500a_Series cpe:2.3:a:moxa:tn-4500a_series::::::::	`1.0`	`<= 3.13`
Moxa Tn-4500a_Series cpe:2.3:a:moxa:tn-4500a_series:4.0:::::::*	—	—
Moxa Tn-5500a_Series cpe:2.3:a:moxa:tn-5500a_series::::::::	`1.0`	`<= 3.13`
Moxa Tn-5500a_Series cpe:2.3:a:moxa:tn-5500a_series:4.0:::::::*	—	—
Moxa Tn-G4500_Series cpe:2.3:a:moxa:tn-g4500_series::::::::	`1.0`	`<= 5.5`
Moxa Tn-G4500_Series cpe:2.3:a:moxa:tn-g4500_series:5.5.255:::::::*	—	—
Moxa Tn-G6500_Series cpe:2.3:a:moxa:tn-g6500_series::::::::	`1.0`	`<= 5.5`
Moxa Tn-G6500_Series cpe:2.3:a:moxa:tn-g6500_series:5.5.255:::::::*	—	—