
Description

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

PUBLISHED Reserved 2025-12-22 | Published 2025-12-31 | Updated 2025-12-31 | Assigner Moxa




HIGH: 7.0 (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-489: Active Debug Code

Product status

Default status
affected

1.0 (custom)
affected

References

www.moxa.com/...-code-vulnerability-in-serial-device-servers vendor-advisory

cve.org (CVE-2025-15017)

nvd.nist.gov (CVE-2025-15017)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.