CVE-2025-1680 NONE

CVE-2025-1680

Vendor Moxa
Product TN-4500A Series
Weakness CWE-349
Published October 23, 2025
Last update October 23, 2025

CVSS base score

0.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.

Key dates

02Disclosure timeline

October 23, 2025 CVE published
October 23, 2025 Record updated