Login
Sign-up
About IT4A
SHOP OT Products
SUPPLY Solutions
PROTECT Solutions
HOST Solutions
CONNECT Services
Useful RESOURCES
CONTACT IT4A
AboutIT4A
SHOPOT Products
SUPPLYSolutions
HOSTSolutions
PROTECTSolutions
CONNECTServices
UsefulRESOURCES
CONTACTIT4A

CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series

Published: December 10, 2025

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email PSIRT@moxa.com.

This security advisory addresses a vulnerability identified in the  MXsecurity Series.

CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modification of data, there is no impact to the confidentiality and availability of the affected device, as well as no loss of confidentiality, integrity, and availability within any subsequent systems.

Because the vulnerability is assessed as medium severity, users are suggested to evaluate their environment and schedule the update in the next maintenance or update cycle.

 

The Identified Vulnerability Type and Potential Impact

CVE ID Vulnerability Type Impact
CVE-2025-9315

CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

 CAPEC-77: Manipulating User-Controlled Variables

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2025-9315

CVSS 4.0: 6.3

AV:N/AC:H/AT:N/PR:N/UI:N/

VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

 Medium Yes

 

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-252631-cve-2025-9315-unauthenticated-device-registration-vulnerability-in-mxsecurity-series