Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.

Published

2025-04-22T03:15:21.177

Last Modified

2025-10-30T17:55:46.857

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	uos	< 1.32	Yes
Hardware	zyxel	usg_flex_100h	-	No
Hardware	zyxel	usg_flex_100hp	-	No
Hardware	zyxel	usg_flex_200h	-	No
Hardware	zyxel	usg_flex_200hp	-	No
Hardware	zyxel	usg_flex_500h	-	No
Hardware	zyxel	usg_flex_50h	-	No
Hardware	zyxel	usg_flex_50hp	-	No
Hardware	zyxel	usg_flex_700h	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025 Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2025/Apr/27 Mailing List (af854a3a-2127-422b-91ae-364da2661108)