CVE-2025-1679 MEDIUM

CVE-2025-1679

Vendor Moxa

Product TN-4500A Series

Weakness CWE-79 · XSS

Published October 23, 2025

Last update October 23, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

Key dates

02Disclosure timeline

October 23, 2025 CVE published

October 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1679

Related vulnerabilities

Identifiers

CVE CVE-2025-1679

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Moxa

Product TN-4500A Series

Affected ≥ 1.0 and ≤ 3.13

Vendor Moxa

Product TN-5500A Series

Affected ≥ 1.0 and ≤ 3.13

Vendor Moxa

Product TN-G4500 Series

Affected ≥ 1.0 and ≤ 5.5

Vendor Moxa

Product TN-G6500 Series

Affected ≥ 1.0 and ≤ 5.5

CVE-2025-1679

01Description

02Disclosure timeline

03References

04Related CVE