216.73.217.22

CVE-2025-1680

· Published 23/10/2025 14:15 · Modified 23/10/2025 14:15

Labels: CVE-2025-1680 2025-10-23CVE-2025-1680CWE-349[email protected]

Essential information

Published
23/10/2025 14:15
Modified
23/10/2025 14:15
Author
Creator
CVSS
0.0 NONE (v3) None NONE (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
moxa / ethernet switch cpe:2.3:h:moxa:ethernet_switch:*:*:*:*:*:*:*:*

References