CVE-2025-6894

Name of the Vulnerable Software and Affected Versions Moxa network security appliances and routers (affected versions not specified)

Description A flaw in the API authorization logic allows an authenticated, low-privileged user to execute the administrative ping function, which is restricted to higher-privileged roles. This enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services. Repeated exploitation could lead to minor resource consumption. The vulnerability does not affect the integrity of the device or any subsequent systems. The vulnerable function is ping. The API endpoint is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.