RCE in Moxa Edf-g1002-bp Series

CVE-2025-0676

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation coul…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.007 (72.5th percentile) — read the EPSS interpretation.

Affected products

Moxa Edf-g1002-bp Series — versions 1.0
Moxa Edr-8010 Series — versions 1.0
Moxa Edr-810 Series — versions 1.0
Moxa Edr-g9004 Series — versions 1.0
Moxa Edr-g9010 Series — versions 1.0
Moxa Nat-102 Series — versions 1.0
Moxa Oncell G4302-lte4 Series — versions 1.0
Moxa Tn-4900 Series — versions 1.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-… (vendor-advisory)