Description

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

INFO

Published Date :

2025-12-31T07:44:24.344Z

Last Modified :

2025-12-31T16:06:32.337Z

Source :

Moxa
AFFECTED PRODUCTS

The following products are affected by CVE-2025-15017 vulnerability.

Vendors Products
Moxa
  • Nport 5000ai-m12 Series
  • Nport 5100 Series
  • Nport 5100a Series
  • Nport 5200 Series
  • Nport 5200a Series
  • Nport 5400 Series
  • Nport 5600-dt Series
  • Nport 5600 Series
  • Nport Ia5000-g2 Series
  • Nport Ia5000 Series
  • Nport Ia5000a Series
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15017.

URL Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability