CVE-2025-15017

216.73.216.6

· Published 31/12/2025 08:15 · Modified 31/12/2025 20:42

Labels: CVE-2025-15017 2025-12-31 CVE-2025-15017 CWE-489 [email protected]

Essential information

Published: 31/12/2025 08:15
Modified: 31/12/2025 20:42
Author: —
Creator: —
CVSS: 7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
moxa / serial device server	`cpe:2.3:a:moxa:serial_device_server::::::::`