PT-2025-43519 · Moxa · Moxa Ethernet Switches

Published 2025-10-23 · Updated 2025-10-23 · CVE-2025-1680

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Moxa Ethernet switches (affected versions not specified)

Description: An "acceptance of extraneous untrusted data with trusted data" issue exists in Moxa’s Ethernet switches. It allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This is a Host Header Injection issue, where invalid Host headers can be used to redirect users or for phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device or any subsequent systems.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-13532
CVE-2025-1680

Affected Products

Moxa Ethernet Switches