6.7

CVE-2025-1732

Medienbericht
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZyxelUos Version1.31
   ZyxelUsg Flex 100h Version-
   ZyxelUsg Flex 100hp Version-
   ZyxelUsg Flex 200h Version-
   ZyxelUsg Flex 200hp Version-
   ZyxelUsg Flex 500h Version-
   ZyxelUsg Flex 50h Version-
   ZyxelUsg Flex 50hp Version-
   ZyxelUsg Flex 700h Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.098
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@zyxel.com.tw 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025
Vendor Advisory