CVE-2025-0415

CRITICAL

Moxa EDF-G1002-BP Series < 3.14 - Authenticated OS Command Injection via NTP Settings

Title source: manual

Description

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)

Scores

CVSS v4 9.2

EPSS 0.0076

EPSS Percentile 73.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (8)

Moxa/EDF-G1002-BP Series 1.0 - 3.14

Moxa/EDR-8010 Series 1.0 - 3.14

Moxa/EDR-810 Series 1.0 - 5.12.39

Moxa/EDR-G9004 Series 1.0 - 3.14

Moxa/EDR-G9010 Series 1.0 - 3.14

Moxa/NAT-102 Series 1.0 - 3.15

Moxa/OnCell G4302-LTE4 Series 1.0 - 3.14

Moxa/TN-4900 Series 1.0 - 3.14

Published Apr 02, 2025

Tracked Since Feb 18, 2026