EUVD-2025-35688

🗓️ 23 Oct 2025 13:56:39Reported by EUVDType

Moxa switches allow admin attackers to inject HTTP Host headers, enabling phishing; no impact.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2025-1679	23 Oct 202514:03	–	circl
Circl	CVE-2025-1680	23 Oct 202514:15	–	circl
CNNVD	Moxa Ethernet switches 安全漏洞	23 Oct 202500:00	–	cnnvd
CNNVD	Moxa Ethernet switches 安全漏洞	23 Oct 202500:00	–	cnnvd
CVE	CVE-2025-1679	23 Oct 202513:51	–	cve
CVE	CVE-2025-1680	23 Oct 202513:56	–	cve
Cvelist	CVE-2025-1679	23 Oct 202513:51	–	cvelist
Cvelist	CVE-2025-1680	23 Oct 202513:56	–	cvelist
EUVD	EUVD-2025-35687	23 Oct 202513:51	–	euvd
NVD	CVE-2025-1679	23 Oct 202514:15	–	nvd

[
  {
    "enisaIdVendor": [
      {
        "id": "ecf8bd97-42a2-30b9-80da-f022e8f56ade",
        "vendor": {
          "name": "Moxa"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "20477837-bbe1-3cb3-b4bd-a2acab1dad9f",
        "product": {
          "name": "TN-4500A Series"
        },
        "product_version": "1.0 ≤3.13"
      },
      {
        "id": "2154adf5-af0d-39db-b461-83aefdaa80a8",
        "product": {
          "name": "TN-5500A Series"
        },
        "product_version": ""
      },
      {
        "id": "3009896f-c051-3bc2-b8d8-896945c29c35",
        "product": {
          "name": "TN-5500A Series"
        },
        "product_version": "1.0 ≤3.13"
      },
      {
        "id": "3dd25e0d-168b-3ad8-99dd-0c0ab25f792a",
        "product": {
          "name": "TN-G6500 Series"
        },
        "product_version": "1.0 ≤5.5"
      },
      {
        "id": "a5402a17-cdb4-36e6-97ae-09f34096ed6b",
        "product": {
          "name": "TN-G4500 Series"
        },
        "product_version": ""
      },
      {
        "id": "a5a0b305-943c-38b1-911b-bd1a6ed89fad",
        "product": {
          "name": "TN-G4500 Series"
        },
        "product_version": "1.0 ≤5.5"
      },
      {
        "id": "a72d306b-7bbc-3392-adaa-d0330a2c12b0",
        "product": {
          "name": "TN-4500A Series"
        },
        "product_version": ""
      },
      {
        "id": "bc8a529c-58df-35b9-9218-981c2624dc92",
        "product": {
          "name": "TN-G6500 Series"
        },
        "product_version": ""
      }
    ]
  }
]

Source	Link
moxa	www.moxa.com/en/support/product-support/security-advisory/mpsa-257421-cve-2025-1679,-cve-2025-1680-stored-cross-site-scripting-(xss)-and-host-header-injection-vulnerabilities-in
hackrtu	www.hackrtu.com/blog/cg-technical-en-003/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-1680

23 Oct 2025 14:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 44.8

EPSS0.00051

SSVC