Vulnerability in Moxa Edf-g1002-bp Series

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implement…

EPSS: 0.003 (52.6th percentile) — read the EPSS interpretation.

Affected products

Moxa Edf-g1002-bp Series — versions 1.0, 3.21
Moxa Edr-8010 Series — versions 1.0, 3.21
Moxa Edr-g9010 Series — versions 1.0, 3.21
Moxa Nat-102 Series — versions 1.0, 3.21
Moxa Nat-108 Series — versions 1.0, 3.21
Moxa Oncell G4302-lte4 Series — versions 1.0, 3.21.0
Moxa Tn-4900 Series — versions 1.0, 3.21

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-… (vendor-advisory)