#VU113043 Buffer overflow in ZyXEL Communications Corp. products - CVE-2025-7673

 

Published: July 18, 2025


Vulnerability identifier: #VU113043
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-7673
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
EMG3525-T50B
EMG5523-T50B
EMG5723-T50K
EMG6726-B10A
EX3510-B0
EX5510-B0
VMG1312-T20B
VMG3625-T50B
VMG3925-B10B/B10C
VMG3927-B50A_B60A
VMG3927-B50B
VMG3927-T50K
VMG4005-B50B
VMG4927-B50A
VMG8623-T50B
VMG8825-B50A_B60A
VMG8825-Bx0B
VMG8825-T50K
VMG8924-B10D
XMG3927-B50A
XMG8825-B50A
Software vendor:
ZyXEL Communications Corp.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the URL parser of the zhttpd web server. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
