CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.6%

CVSS Severity

CVSS v3 Score 6.7

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025

Products affected by CVE-2025-1732

Zyxel » Usg Flex 100h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_100h:-
Zyxel » Usg Flex 100hp » Version: N/A

cpe:2.3:h:zyxel:usg_flex_100hp:-
Zyxel » Usg Flex 200h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_200h:-
Zyxel » Usg Flex 200hp » Version: N/A

cpe:2.3:h:zyxel:usg_flex_200hp:-
Zyxel » Usg Flex 500h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_500h:-
Zyxel » Usg Flex 50h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_50h:-
Zyxel » Usg Flex 50hp » Version: N/A

cpe:2.3:h:zyxel:usg_flex_50hp:-
Zyxel » Usg Flex 700h » Version: N/A

cpe:2.3:h:zyxel:usg_flex_700h:-
Zyxel » Uos » Version: 1.31

cpe:2.3:o:zyxel:uos:1.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1732

Products

Pricing

Contact Us