- Description
- A Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
- Source
- psirt@moxa.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- psirt@moxa.com
- CWE-798
#VulnerabilityReport #AuthenticationBypass Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret https://t.co/W5ex0Is3gO
@Komodosec
25 Nov 2025
Warning: Multiple critical vulnerabilities in #Moxa Inc. #ICS network appliances and routers (CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950), including hard-coded credentials and unauthorized admin account creation. https://t.co/zrwhdViCtE #Patch
@CCBalert
21 Oct 2025
🔴Moxa Industrial Devices: Hard-Coded JWT Credentials (CVE-2025-6950) 🔴 Moxa fixed 5 critical vulnerabilities in industrial routers/firewalls including unauthenticated RCE. CVE-2025-6950 stems from hard-coded JWT signing secrets. Attackers forge valid tokens, bypass
@the_c_protocol
21 Oct 2025
Hard-coded credentials found in #Moxa #industrial security appliances, routers (#CVE-2025-6950) https://t.co/sTxwAk5oA7
@ScyScan
20 Oct 2025
Moxa patched five critical flaws in its industrial routers, including a CVE-2025-6950 (CVSS 9.9) bug where hard-coded JWT credentials allow unauthenticated attackers to impersonate any user. Update to v3.21. #Moxa #ICSsecurity #CVE #CriticalPatch https://t.co/I9TV9UBrIj
@the_yellow_fall
20 Oct 2025
🚨 CRITICAL: CVE-2025-6950 hits Moxa EDR-G9010 Series (v1.0). Hard-coded JWT keys enable full system takeover—no auth needed! Patch pending; restrict access & monitor closely. https://t.co/57WxVTg0SZ #OffSeq #I... https://t.co/cvICmEx03S
@offseq
17 Oct 2025
CVE-2025-6950 Hard-Coded JWT Signing Key Vulnerability in Moxa Network Security Appliances https://t.co/PrKF8ugMRc
@VulmonFeeds
17 Oct 2025
CVE-2025-6950 A Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign… https://t.co/JxAsrQ01F8
@CVEnew
17 Oct 2025