6.7
CVE-2025-1732
- EPSS 0.2%
- Veröffentlicht 22.04.2025 01:57:35
- Zuletzt bearbeitet 30.10.2025 17:56:11
- Quelle security@zyxel.com.tw
- CVE-Watchlists
- Unerledigt
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Uos Version1.31
Zyxel ≫ Usg Flex 100h Version-
Zyxel ≫ Usg Flex 100hp Version-
Zyxel ≫ Usg Flex 200h Version-
Zyxel ≫ Usg Flex 200hp Version-
Zyxel ≫ Usg Flex 500h Version-
Zyxel ≫ Usg Flex 50h Version-
Zyxel ≫ Usg Flex 50hp Version-
Zyxel ≫ Usg Flex 700h Version-
Zyxel ≫ Usg Flex 100hp Version-
Zyxel ≫ Usg Flex 200h Version-
Zyxel ≫ Usg Flex 200hp Version-
Zyxel ≫ Usg Flex 500h Version-
Zyxel ≫ Usg Flex 50h Version-
Zyxel ≫ Usg Flex 50hp Version-
Zyxel ≫ Usg Flex 700h Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.098 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025