CVE-2025-7673
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-16

Last updated on: 2025-07-16

Assigner: Zyxel Corporation

Description
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-16
Last Modified
2025-07-16
Generated
2026-05-27
AI Q&A
2025-07-16
EPSS Evaluated
2026-05-25
NVD
CVE-2025-7673
EUVD
EUVD-2025-21579
Affected Vendors & Products
Showing 22 associated CPEs
Vendor Product Version / Range
zyxel xmg8825-b50a v5.17(abmt.5)c0
zyxel vmg3927-t50k v5.50(abom.5)c0
zyxel vmg8924-b10d v5.13(abgq.6)c0
zyxel xmg3927-b50a v5.15(abmt.5)c0
zyxel ex3510-b0 v5.17(abup.3)c0
zyxel vmg8825-b50a_b60a v5.15(abmt.5)c0
zyxel vmg8825-bx0b v5.17(abny.5)c0
zyxel vmg3625-t50b v5.50(abpm.4)c0
zyxel ex5510-b0 v5.15(abqx.3)c0
zyxel emg3525-t50b v5.50(abpm.4)c0
zyxel vmg3925-b10b b10c
zyxel vmg4927-b50a v5.13(ably.6)c0
zyxel vmg3927-b50b v5.13(ably.6)c0
zyxel emg5723-t50k v5.50(abom.5)c0
zyxel vmg4005-b50b v5.13(abrl.5)c0
zyxel vmg3927-b50a_b60a v5.15(abmt.5)c0
zyxel vmg8623-t50b v5.50(abpm.4)c0
zyxel vmg1312-t20b v5.50(absb.3)c0
zyxel vmg8825-t50k v5.50(abom.5)c0
zyxel emg5523-t50b v5.50(abpm.4)c0
zyxel zhttpd *
zyxel emg6726-b10a v5.13(abnp.6).c0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a buffer overflow in the URL parser of the zhttpd web server used in Zyxel VMG8825-T50K firmware versions before V5.50(ABOM.5)C0. An unauthenticated attacker can exploit this by sending a specially crafted HTTP request, which may cause the server to crash (denial-of-service) or potentially allow the attacker to execute arbitrary code on the device.


How can this vulnerability impact me? :

The vulnerability can lead to denial-of-service conditions, making the affected device unavailable. Additionally, it may allow an attacker to execute arbitrary code remotely without authentication, potentially compromising the device and any network it is connected to.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart