Moxa Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in Moxa products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-6892, CVE-2025-6893, CVE-2025-6949, CVE-2025-6950

 

EDR-G9010 Series Versions: 3.14 and earlier
EDR-8010 Series Version: 3.17 and earlier
EDF-G1002-BP Series Version: 3.17 or earlier
TN-4900 Series Version: 3.14 or earlier
NAT-102 Series Version: 3.17 or earlier
NAT-108 Series Version: 3.16 or earlier
OnCell G4302-LTE4 Series Version: 3.13 or earlier

 

 

Resolved Vulnerabilities

 

API authentication bypass-based authorization validation vulnerability in Moxa network security appliances and routers (CVE-2025-6892)
Configuration data access and change privilege bypass vulnerability in Moxa network security appliances and routers (CVE-2025-6893)
Administrator account creation privilege bypass vulnerability in Moxa network security appliances and routers (CVE-2025-6949)
Hardcoded JWT key-based authentication bypass vulnerability in Moxa network security appliances and routers (CVE-2025-6950)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-6892, CVE-2025-6893, CVE-2025-6949, CVE-2025-6950

 

EDR-G9010 Series version: 3.21 or later
EDR-8010 Series Version: 3.21 or later
EDF-G1002-BP Series Version: 3.21 or later
TN-4900 Series Version: 3.21 or later
NAT-102 Series Version: 3.21 or later
NAT-108 Series Version: 3.21 or later
OnCell G4302-LTE4 Series Version: 3.21.0

 

 

References

 

[1] CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: Multiple Vulnerabilities in Network Security Appliances and Routers
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-258121-cve-2025-6892,-cve-20..