Login
Sign-up
About IT4A
SHOP OT Products
SUPPLY Solutions
PROTECT Solutions
HOST Solutions
CONNECT Services
Useful RESOURCES
CONTACT IT4A
AboutIT4A
SHOPOT Products
SUPPLYSolutions
HOSTSolutions
PROTECTSolutions
CONNECTServices
UsefulRESOURCES
CONTACTIT4A

CVE-2025-1679, CVE-2025-1680: Stored Cross-site Scripting (XSS) and Host Header Injection Vulnerabilities in Ethernet Switch

Published: October 23, 2025

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email PSIRT@moxa.com.

This security advisory addresses two vulnerabilities identified in Moxa’s Ethernet switches.

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

CVE-2025-1680

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.

Because the issues are assessed as medium to low severity, users can evaluate their environment and schedule the update in the next maintenance or update cycle.

 

The Identified Vulnerability Type and Potential Impact

CVE ID Vulnerability Type Impact
CVE-2025-1679

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC-63: Cross-Site Scripting (XSS)
CVE-2025-1680

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data 

CAPEC-154: Resource Location Spoofing

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2025-1679

CVSS 4.0: 4.8

AV:N/AC:L/AT:N/PR:H/UI:P/

VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

 Medium No
CVE-2025-1680 CVSS 4.0: 0.0

AV:N/AC:L/AT:P/PR:L/UI:P/

VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

 Low No

 

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257421-cve-2025-1679,-cve-2025-1680-stored-cross-site-scripting-(xss)-and-host-header-injection-vulnerabilities-in