This security advisory addresses a vulnerability identified in serial device servers.
CVE-2025-15017
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.
Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.
The Identified Vulnerability Type and Potential Impact
| CVE ID | Vulnerability Type | Impact |
|---|---|---|
| CVE-2025-15017 |
CWE-489: Active Debug Code |
CAPEC-121: Exploit Non-Production Interfaces |
Vulnerability Scoring Details
|
CVE ID
|
Base Score
|
Vector
|
Severity |
Unauthenticated Remote Exploits |
|---|---|---|---|---|
| CVE-2025-15017 |
CVSS 4.0: 7.0 |
AV:P/AC:L/AT:N/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
High | No |
This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257331-cve-2025-15017-active-debug-code-vulnerability-in-serial-device-servers