Login
Sign-up
AboutIT4A
SHOPOT Products
SUPPLYSolutions
HOSTSolutions
PROTECTSolutions
CONNECTServices
UsefulRESOURCES
CONTACTIT4A

CVE-2025-5191: Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows)

Published: August 25, 2025

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email [email protected].

This security advisory addresses one vulnerability identified in the utility for Moxa’s industrial computers (Windows).

CVE-2025-5191

An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.

Given the severity of the vulnerability, users are strongly advised to immediately apply the latest version of the utility that includes a fix for this issue to mitigate associated security risks.

 

The Identified Vulnerability Type and Potential Impact

CVE ID Vulnerability Type Impact
CVE-2025-5191

CWE-428: Unquoted Search Path or Element

 CAPEC-233: Privilege Escalation

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2025-5191

CVSS:4.0: 7.3

AV:L/AC:L/AT:P/PR:L/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

 High No

 

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256421-cve-2025-5191-unquoted-search-path-vulnerability-in-the-utility-for-industrial-computers-(windows)