PT-2025-34600 · Moxa · Moxa Industrial Computers

Anni Tuulinen · Published 2025-08-25 · Updated 2025-08-25 · CVE-2025-5191

CVSS v4.0: 7.3 High

Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Moxa industrial computers (Windows) (affected versions not specified)
Description: An unquoted search path vulnerability exists in the SerialInterfaceService.exe utility. This allows a local attacker with limited privileges to place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be executed with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
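
With no fixed version listed, one way to check a host for this weakness class is to audit service ImagePath values (exported from `HKLM\SYSTEM\CurrentControlSet\Services`) for unquoted paths containing spaces. The sketch below is an added example, not code from Moxa or from this advisory; it lists the locations Windows would resolve before the intended binary, so they can be inspected for unexpected files and write permissions, and prints the quoted form of the value. The service key name, directories and `-run` argument are constructed placeholders, since the advisory does not give the real install path.

```python
import re

def executable_part(image_path: str) -> str:
    """Path up to and including the first '.exe'; trailing arguments are dropped."""
    p = image_path.strip()
    m = re.match(r'(.*?\.exe)\b', p, re.IGNORECASE)
    return m.group(1) if m else p

def earlier_candidates(image_path: str) -> list[str]:
    """Locations Windows resolves before the intended binary when the
    ImagePath is unquoted and contains spaces. Empty list: not affected."""
    p = image_path.strip()
    if p.startswith('"'):
        return []
    exe = executable_part(p)
    # One candidate per whitespace run: the text before it, with .exe appended.
    return [exe[:m.start()] + '.exe' for m in re.finditer(r'\s+', exe)]

def quoted_form(image_path: str) -> str:
    """Corrected ImagePath: executable wrapped in quotes, arguments kept."""
    p = image_path.strip()
    if p.startswith('"'):
        return p
    exe = executable_part(p)
    return f'"{exe}"' + p[len(exe):]

def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each affected service name to the locations to inspect."""
    return {n: c for n, v in services.items() if (c := earlier_candidates(v))}

# Constructed sample data: key names, directories and arguments are
# placeholders, not the real Moxa install path.
SAMPLE = {
    'SerialInterfaceService': r'C:\Program Files\Example Vendor\SerialInterfaceService.exe -run',
    'QuotedService': r'"C:\Program Files\Example Vendor\other.exe" -run',
    'NoSpaces': r'C:\Windows\System32\svchost.exe -k netsvcs',
}

if __name__ == '__main__':
    for name, paths in audit(SAMPLE).items():
        print(name, 'is unquoted; inspect:', paths)
        print('  corrected value:', quoted_form(SAMPLE[name]))
```

ImagePath values stored as REG_EXPAND_SZ may contain variables such as `%ProgramFiles%`; expand them before passing the value in.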

LPE

Weakness Enumeration

Related Identifiers

BDU:2025-13183
CVE-2025-5191

Affected Products

Moxa Industrial Computers