CVE-2025-0415: Command Injection in NTP Setting

9.2 CVSS

Description

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

Classification

CVE ID: CVE-2025-0415

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

Problem Types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

Vendor: Moxa, Moxa, Moxa, Moxa, Moxa, Moxa, Moxa

Product: EDF-G1002-BP Series, EDR-810 Series, EDR-8010 Series, EDR-G9004 Series, EDR-G9010 Series, OnCell G4302-LTE4 Series, TN-4900 Series

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.18% (probability of being exploited)

EPSS Percentile: 40.78% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0415
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)

Timeline

2025-04-02 07:40:14 UTC
CVE

Command Injection in NTP Setting