CVE-2025-1679

Name of the Vulnerable Software and Affected Versions Moxa’s Ethernet switches (affected versions not specified)

Description An authenticated administrative attacker can inject malicious scripts into the web service of affected devices, potentially impacting authenticated users interacting with the device’s web interface. This is a stored cross-site scripting (XSS) issue, where injected scripts persist across sessions. The issue does not impact the confidentiality, integrity, and availability of the affected device itself, but may cause some loss of confidentiality and integrity within subsequent systems. The vulnerability involves injecting malicious scripts into the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.