CVE-2025-1680
Oct. 23, 2025, 2:15 p.m.
0.0
No Score
Description
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Moxa |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| h | moxa | ethernet_switch | / | / | / | / | / | / | / | / |
Tags
Timeline
Published: Oct. 23, 2025, 2:15 p.m.
Last Modified: Oct. 23, 2025, 2:15 p.m.
Last Modified: Oct. 23, 2025, 2:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
psirt@moxa.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.