Path traversal in Zyxel APs



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-6265
CWE-ID CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
 NWA50AX
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA50AX PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA55AXE
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA90AX
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA90AX PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA130BE
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA220AX-6E
Hardware solutions / Routers & switches, VoIP, GSM, etc

WAX300H
Hardware solutions / Routers & switches, VoIP, GSM, etc

WAX620D-6E
Hardware solutions / Routers & switches, VoIP, GSM, etc

WAX630S
Hardware solutions / Routers & switches, VoIP, GSM, etc

WAX640S-6E
Hardware solutions / Routers & switches, VoIP, GSM, etc

WAX655E
Hardware solutions / Routers & switches, VoIP, GSM, etc

WBE530
Hardware solutions / Routers & switches, VoIP, GSM, etc

WBE660S
Hardware solutions / Routers & switches, VoIP, GSM, etc

NWA110AX
Hardware solutions / Firmware

NWA210AX
Hardware solutions / Firmware

NWA1123AC PRO
Hardware solutions / Firmware

WAC500H
Hardware solutions / Firmware

WAC5302D-Sv2
Hardware solutions / Firmware

WAC6103D-I
Hardware solutions / Firmware

WAX510D
Hardware solutions / Firmware

WAX610D
Hardware solutions / Firmware

WAX650S
Hardware solutions / Firmware

Vendor ZyXEL Communications Corp.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Path traversal

EUVDB-ID: #VU112893

Risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6265

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the file_upload-cgi CGI program. A remote administrator can access specific directories and delete files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NWA50AX: - - 7.10(ABYW.1)

NWA50AX PRO: - - 7.10(ACGE.2)

NWA55AXE: - - 7.10(ABZL.1)

NWA90AX: - - 7.10(ACCV.1)

NWA90AX PRO: - - 7.10(ACGF.2)

NWA110AX: - - 7.10(ABTG.1)

NWA130BE: - - 7.10(ACIL.2)

NWA210AX: - - 7.10(ABTD.1)

NWA220AX-6E: - - 7.10(ACCO.1)

NWA1123AC PRO: - - 6.28(ABHD.3)

WAC500H: - - 6.70(ABWA.6)

WAC5302D-Sv2: - - 6.25(ABVZ.9)

WAC6103D-I: - - 6.28(AAXH.3)

WAX300H: - - 7.10(ACHF.1)

WAX510D: - - 7.10(ABTF.1)

WAX610D: - - 7.10(ABTE.1)

WAX620D-6E: - - 7.10(ACCN.1)

WAX630S: - - 7.10(ABZD.1)

WAX640S-6E: - - 7.10(ACCM.1)

WAX650S: - - 7.10(ABRM.1)

WAX655E: - - 7.10(ACDO.1)

WBE530: - - 7.10(ACLE.2)

WBE660S: - - 7.10(ACGG.2)

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-path-traversal-vulnerability-in-aps-07-15-2025


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###