Mobaxterm
by Mobatek
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25741 | Cri | 0.64 | 9.8 | 0.01 | Jun 4, 2026 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data… | ||
| CVE-2017-15376 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2017 | The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | ||
| CVE-2024-48200 | Hig | 0.55 | 8.4 | 0.00 | Oct 31, 2024 | An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) | ||
| CVE-2026-25866 | Hig | 0.51 | 7.8 | 0.00 | Mar 9, 2026 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a… | ||
| CVE-2025-0714 | Med | 0.42 | 6.5 | 0.00 | Feb 17, 2025 | The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm,… | ||
| CVE-2017-6805 | Med | 0.38 | 5.3 | 0.08 | Mar 20, 2017 | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | ||
| CVE-2022-38337 | 0.00 | — | 0.01 | Dec 5, 2022 | When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. | |||
| CVE-2021-28847 | 0.00 | — | 0.01 | Jun 3, 2021 | MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. | |||
| CVE-2019-16305 | 0.00 | — | 0.07 | Sep 14, 2019 | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also… | |||
| CVE-2019-13475 | 0.00 | — | 0.04 | Jul 9, 2019 | In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject… | |||
| CVE-2015-7244 | 0.00 | — | 0.05 | Nov 4, 2015 | The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. |
- risk 0.64cvss 9.8epss 0.01
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data…
- risk 0.64cvss 9.8epss 0.04
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
- risk 0.55cvss 8.4epss 0.00
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe)
- risk 0.51cvss 7.8epss 0.00
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a…
- risk 0.42cvss 6.5epss 0.00
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm,…
- risk 0.38cvss 5.3epss 0.08
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
- CVE-2022-38337Dec 5, 2022risk 0.00cvss —epss 0.01
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
- CVE-2021-28847Jun 3, 2021risk 0.00cvss —epss 0.01
MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
- CVE-2019-16305Sep 14, 2019risk 0.00cvss —epss 0.07
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also…
- CVE-2019-13475Jul 9, 2019risk 0.00cvss —epss 0.04
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject…
- CVE-2015-7244Nov 4, 2015risk 0.00cvss —epss 0.05
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.