Auth bypass in Moxa Edf-g1002-bp Series

CVE-2025-6892

An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for…

Vulnerability class: Broken Access Control

EPSS: 0.001 (18.1th percentile) — read the EPSS interpretation.

Affected products

Moxa Edf-g1002-bp Series — versions 1.0, 3.21
Moxa Edr-8010 Series — versions 1.0, 3.21
Moxa Edr-g9010 Series — versions 1.0, 3.21
Moxa Nat-102 Series — versions 1.0, 3.21
Moxa Nat-108 Series — versions 1.0, 3.21
Moxa Oncell G4302-lte4 Series — versions 1.0, 3.21.0
Moxa Tn-4900 Series — versions 1.0, 3.21

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-… (vendor-advisory)