CVE-2025-6265
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: Zyxel Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zyxel | nwa50ax_pro | 7.10 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6265 is a path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier. It allows an authenticated attacker with administrator privileges to navigate through directories and delete files on the device, including critical files like the configuration file. Exploiting this requires the attacker to already have administrator access, typically within a LAN environment. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with administrator privileges to delete important files on the affected Zyxel device, such as configuration files. This could lead to device misconfiguration, denial of service, or loss of control over the device, impacting network availability and security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with checking the firmware version of Zyxel NWA50AX PRO devices to identify any running a vulnerable version at or below 7.10(ABYW.1). Because exploitation requires authenticated administrator access, reviewing device logs for unusual file deletions or directory traversal attempts (path components such as "../" in upload requests) may also help. The referenced resources do not provide specific commands; checking the firmware version through the device management interface or CLI is the recommended approach. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the affected Zyxel devices to the patched firmware versions, such as upgrading the NWA50AX PRO to version 7.10(ABYW.3) or later. If a patch is not yet available for your model, contact Zyxel support or your local representative to request a hotfix. Additionally, ensure strong, unique administrator passwords to reduce the risk of compromise. [1]