🔴 HIGH advisory

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Moxa patched five vulnerabilities impacting OT security appliances and routers, including CVE-2025-6950—hard‑coded JWT signing keys enabling auth bypass and full device compromise. Additional issues include API auth flaws and privilege escalation that allow creation of admin accounts and execution of internal reconnaissance functions. Updates are available; Moxa advises restricting exposure and enforcing least privilege.
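Why a signing key shared by every firmware image defeats token authentication, as an added example (not Moxa's code and not part of the advisory): a minimal JWT signer and verifier, assuming HMAC-SHA256 (HS256) tokens, which the advisory does not specify. `FIRMWARE_KEY` is a constructed placeholder, and `provision_key` and `cross_device_accepts` are hypothetical names; the hardened form generates a random key on each unit.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder standing in for a key compiled into every firmware image.
FIRMWARE_KEY = b"constructed-example-key-shared-by-all-units"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(header: str, payload: str, key: bytes) -> bytes:
    return hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT of the form header.payload.signature."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(_mac(header, payload, key))}"

def verify(token: str, key: bytes):
    """Return the claims if the token is valid under `key`, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_mac(header, payload, key), b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def provision_key() -> bytes:
    """Hardened form: a random 256-bit key generated on the unit at first boot."""
    return secrets.token_bytes(32)

def cross_device_accepts(key_a: bytes, key_b: bytes) -> bool:
    """Does an admin token signed under key_a pass verification under key_b?"""
    token = sign({"sub": "operator", "role": "admin"}, key_a)
    return verify(token, key_b) is not None

if __name__ == "__main__":
    print("shared firmware key:", cross_device_accepts(FIRMWARE_KEY, FIRMWARE_KEY))
    print("per-device keys:   ", cross_device_accepts(provision_key(), provision_key()))
```

With a shared key the signature proves nothing about which device, or which party, issued the token; with per-device keys a token is only valid on the unit that signed it.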

🎯CORTEX Protocol Intelligence Assessment

Business Impact: OT gateways with weak auth controls risk total compromise, enabling lateral movement into industrial networks.

Technical Context: Remote, unauthenticated exploitation possible; affects EDR routers, TN-4900 switches, NAT devices, and OnCell gateways.

Strategic Intelligence Guidance

  • Upgrade impacted firmware to v3.21+ and restrict internet exposure.
  • Enforce MFA and least-privilege access for device admins.
  • Enable logging/monitoring and review for anomalous admin actions.
  • Conduct regular OT security assessments and network segmentation.

CVEs

CVE-2025-6950, CVE-2025-6892, CVE-2025-6893, CVE-2025-6949, CVE-2025-6894

Vendors

Moxa

Threats

Auth bypass, Privilege escalation

Targets

OT devices, Industrial routers, Switches