8.1
CVE-2025-9133
- EPSS 0.05%
- Published 21.10.2025 01:57:20
- Last modified 28.10.2025 19:18:15
- Source security@zyxel.com.tw
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device.
Data provided by the National Vulnerability Database (NVD)
Zyxel ≫ Zld Version >= 4.50 < 5.41
Zyxel ≫ Usg Flex 100 Version-
Zyxel ≫ Usg Flex 100ax Version-
Zyxel ≫ Usg Flex 100w Version-
Zyxel ≫ Usg Flex 200 Version-
Zyxel ≫ Usg Flex 50 Version-
Zyxel ≫ Usg Flex 500 Version-
Zyxel ≫ Usg Flex 50ax Version-
Zyxel ≫ Usg Flex 700 Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.152 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.