Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

Published

2025-04-22T03:15:21.337

Last Modified

2025-10-30T17:56:11.717

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	uos	1.31	Yes
Hardware	zyxel	usg_flex_100h	-	No
Hardware	zyxel	usg_flex_100hp	-	No
Hardware	zyxel	usg_flex_200h	-	No
Hardware	zyxel	usg_flex_200hp	-	No
Hardware	zyxel	usg_flex_500h	-	No
Hardware	zyxel	usg_flex_50h	-	No
Hardware	zyxel	usg_flex_50hp	-	No
Hardware	zyxel	usg_flex_700h	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025 Vendor Advisory ([email protected])