7.8
CVE-2025-1731
- EPSS 0.06%
- Veröffentlicht 22.04.2025 01:52:04
- Zuletzt bearbeitet 30.10.2025 17:55:46
- Quelle security@zyxel.com.tw
- CVE-Watchlists
- Unerledigt
LoginAn incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Uos Version >= 1.20 < 1.32
Zyxel ≫ Usg Flex 100h Version-
Zyxel ≫ Usg Flex 100hp Version-
Zyxel ≫ Usg Flex 200h Version-
Zyxel ≫ Usg Flex 200hp Version-
Zyxel ≫ Usg Flex 500h Version-
Zyxel ≫ Usg Flex 50h Version-
Zyxel ≫ Usg Flex 50hp Version-
Zyxel ≫ Usg Flex 700h Version-
Zyxel ≫ Usg Flex 100hp Version-
Zyxel ≫ Usg Flex 200h Version-
Zyxel ≫ Usg Flex 200hp Version-
Zyxel ≫ Usg Flex 500h Version-
Zyxel ≫ Usg Flex 50h Version-
Zyxel ≫ Usg Flex 50hp Version-
Zyxel ≫ Usg Flex 700h Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.185 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.