CVE-2025-15017
Published: Dec 31, 2025
Modified: Dec 31, 2025
Description
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.
| Vendor | Product | Versions |
|---|---|---|
Moxa | NPort 5000AI-M12 Series | affected 1.0 |
Moxa | NPort 5100 Series | affected 1.0 |
Moxa | NPort 5100A Series | affected 1.0 |
Moxa | NPort 5200 Series | affected 1.0 |
Moxa | NPort 5200A Series | affected 1.0 |
Moxa | NPort 5400 Series | affected 1.0 |
Moxa | NPort 5600 Series | affected 1.0 |
Moxa | NPort 5600-DT Series | affected 1.0 |
Moxa | NPort IA5000 Series | affected 1.0 |
Moxa | NPort IA5000A Series | affected 1.0 |
Moxa | NPort IA5000-G2 Series | affected 1.0 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now