Description

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

PUBLISHED Reserved 2025-02-27 | Published 2025-04-22 | Updated 2025-06-12 | Assigner Zyxel




MEDIUM: 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status: unaffected

<= V1.31: affected

References

www.zyxel.com/...s-in-usg-flex-h-series-firewalls-04-22-2025 vendor-advisory

cve.org (CVE-2025-1732)

nvd.nist.gov (CVE-2025-1732)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.