CVE-2025-6950

Name of the Vulnerable Software and Affected Versions Moxa network security appliances and routers (affected versions not specified)

Description A security issue exists in Moxa’s network security appliances and routers related to the use of hard-coded credentials. The system uses a hard-coded secret key to sign JSON Web Tokens (JWT) for authentication. This allows an attacker to forge valid tokens, bypassing authentication and potentially impersonating any user. Successful exploitation could lead to complete system compromise, including unauthorized access, data theft, and full administrative control. Exploitation does not impact the confidentiality or integrity of subsequent systems. The issue involves the signing of JSON Web Tokens (JWT), which are a standard for securely transmitting information between parties as a JSON object.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.