CVE-2025-0415

A remote attacker with web administrator privileges can exploit the devices web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
MoxaCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Common Weakness Enumeration
References
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)