CVE-2025-15017 HIGH

CVE-2025-15017

Vendor Moxa
Product NPort 5000AI-M12 Series
Weakness CWE-489
Published December 31, 2025
Last update December 31, 2025

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Key dates

02Disclosure timeline

December 31, 2025 CVE published
December 31, 2025 Record updated