Platform
zyxel
Component
nwa50ax-pro-firmware
Fixed in
7.10.1
CVE-2025-6265 is a path traversal vulnerability in the file_upload-cgi CGI program of the Zyxel NWA50AX PRO firmware. An authenticated administrator can use it to reach directories outside the location the upload handler is meant to write to and delete files there, including the device configuration, which disrupts the access point. Firmware versions up to and including 7.10(ACGE.2) are affected. Zyxel has released fixed firmware (listed in the Fixed-in field above); confirm the exact build string against Zyxel's advisory before upgrading.
Successful exploitation of CVE-2025-6265 gives the attacker access to specific directories on the NWA50AX PRO that the upload handler was supposed to fence off. The most damaging outcome named in the advisory is deletion of files, in particular the device's configuration file, which can leave the access point non-functional until it is factory-reset and reconfigured, taking down the wireless network it serves. Because administrator credentials are required, the realistic exposure is a compromised or malicious admin account or a management interface reachable from untrusted networks; strong, unique administrator passwords, multi-factor authentication where the management platform supports it, and management access restricted to a trusted network reduce that exposure.
CVE-2025-6265 was publicly disclosed on 2025-07-15. No public proof-of-concept exploit is known, and the vulnerability is not in the CISA KEV catalog as of this writing. The recent disclosure, the administrator-authentication requirement and the low EPSS score (0.14%) point to a low to medium likelihood of widespread exploitation in the near term, but patching should not wait for evidence of it.
Organizations running Zyxel NWA50AX PRO access points on firmware 7.10(ACGE.2) or earlier are at risk, especially where the web management interface is reachable from user or guest networks or where firmware updates are applied irregularly.
• zyxel: Review the access point's web-management and audit logs for file_upload-cgi requests whose parameters contain path traversal sequences (../, or URL-encoded forms such as %2e%2e%2f), and for configuration loss or an unexpected reboot following an administrator login.
• linux / server: Forward the access point's syslog to a collector and alert there. Note that lsof only lists files currently held open by a process; it does not show modifications or deletions, so it is not a file-change monitor. If you need to watch a directory on a Linux host for deletions, use inotifywait or an auditd watch rule instead.
• generic web: If the management interface sits behind a reverse proxy or WAF, search its access logs for requests to the file_upload-cgi endpoint with suspicious parameters, matching both the literal and the URL-encoded traversal forms, since a proxy log records the request exactly as sent.
# Example: grep for path traversal attempts in a reverse-proxy access log
# The dots must be escaped ('..' unescaped matches any two characters), and
# the URL-encoded variants need to be matched as well as the literal ../ form.
grep -iE '(\.\./|\.\.%2f|%2e%2e(/|%2f))' /var/log/nginx/access.log | grep -i 'file_upload-cgi'
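As an added example that is not part of the original page and not Zyxel's tooling, the following Python script runs the detection described in the bullets above over a few constructed access-log lines. The endpoint path /cgi-bin/file_upload-cgi, the file= parameter, the target filenames and the log lines themselves are assumptions made for the example; this page does not give the CGI's real URL or parameter names. The script URL-decodes each request target repeatedly before matching, so single- and double-encoded traversal sequences are caught, while a literal ".." inside a filename such as logo..png is not flagged.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines in Apache/nginx combined-log style. The CGI path,
# the file= parameter and the target filenames are assumptions, not from Zyxel.
SAMPLE_LOG = """\
192.0.2.10 - admin [15/Jul/2025:10:00:01 +0000] "POST /cgi-bin/file_upload-cgi HTTP/1.1" 200 512
192.0.2.10 - admin [15/Jul/2025:10:00:07 +0000] "POST /cgi-bin/file_upload-cgi?file=../../../conf/startup-config HTTP/1.1" 200 64
192.0.2.10 - admin [15/Jul/2025:10:00:09 +0000] "POST /cgi-bin/file_upload-cgi?file=..%2F..%2Fstartup-config HTTP/1.1" 200 64
192.0.2.10 - admin [15/Jul/2025:10:00:12 +0000] "POST /cgi-bin/file_upload-cgi?file=%252e%252e%252fstartup-config HTTP/1.1" 200 64
198.51.100.7 - - [15/Jul/2025:10:01:00 +0000] "GET /images/logo..png HTTP/1.1" 200 2048
"""

# Combined-log request line: source, ident, user, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment: preceded by start-of-string or a delimiter (/ = ? &) and
# followed by a slash or end-of-string. "logo..png" therefore does not match.
TRAVERSAL_RE = re.compile(r'(?<![^/=?&])\.\.(?=/|$)')


def fully_decode(value, max_rounds=3):
    """URL-decode until stable (bounded), so %252e%252e%252f -> %2e%2e%2f -> ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text):
    """Return one dict per request whose decoded target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        # Normalise backslashes too, so ..\ variants are treated like ../
        decoded = fully_decode(m.group("target")).replace("\\", "/")
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                "src": m.group("src"),
                "user": m.group("user"),
                "ts": m.group("ts"),
                "decoded": decoded,
                "upload_cgi": "file_upload-cgi" in decoded,
            })
    return hits


if __name__ == "__main__":
    for h in find_traversal(SAMPLE_LOG):
        flag = "file_upload-cgi" if h["upload_cgi"] else "other endpoint"
        print(f'{h["ts"]} {h["src"]} user={h["user"]} [{flag}] {h["decoded"]}')
```

Run against the constructed lines, the script reports the three traversal requests made by the admin account and ignores the benign logo..png request. The decode loop is bounded on purpose: unbounded decoding is a denial-of-service vector on its own, and three rounds cover the double-encoding tricks that defeat a single-pass filter.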
Exploit status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-6265 is to upgrade the NWA50AX PRO to the firmware release in which Zyxel fixed the issue (see the Fixed-in field above and Zyxel's advisory for the exact build). Until the upgrade is applied, limit who can reach the web management interface at all: restrict it to a management VLAN or a short list of administrator addresses with firewall rules or ACLs. The file_upload-cgi program is only reachable by authenticated administrators, so the point of the restriction is to keep untrusted networks away from the login page and to shrink the blast radius of a leaked admin credential. Review the device's logs regularly for file upload or deletion activity. After upgrading, confirm the fix on a test unit you own by sending a file_upload-cgi request whose file-path value contains a traversal sequence: the patched firmware should reject it and the targeted file must remain intact. Do not run this check against a production unit on unpatched firmware without a backup of its configuration, because there the request really does delete the file.
Update the firmware of your Zyxel NWA50AX PRO to a release later than 7.10(ACGE.2) to correct the path traversal vulnerability. Consult Zyxel's website for the latest firmware version and the update instructions.
CVE-2025-6265 is a path traversal vulnerability in the file_upload-cgi program of Zyxel NWA50AX PRO firmware up to and including 7.10(ACGE.2); it allows an authenticated administrator to access specific directories and delete files there, including the configuration file.
You are affected if your NWA50AX PRO runs firmware 7.10(ACGE.2) or any earlier release. The running version is shown in the device's management interface; compare it against that affected range rather than against the model name alone.
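To make the version check concrete, here is an added Python example (not Zyxel's tooling and not from the original page) that parses Zyxel's firmware version notation, assumed here to look like V7.10(ACGE.2)C0 as displayed on the device, and compares the major.minor and build numbers against the affected ceiling 7.10(ACGE.2) named in the advisory. It treats any ACGE-stream release at or below that ceiling as affected and declines to judge version strings from a different firmware stream; the sample version strings fed to it are constructed for the example.

```python
import re

# Zyxel firmware version notation as assumed for this example: an optional "V",
# major.minor, a parenthesised stream code and build number, then an optional suffix.
VERSION_RE = re.compile(r'^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)', re.IGNORECASE)

# Last affected build stated in the advisory for the NWA50AX PRO: 7.10(ACGE.2).
AFFECTED_STREAM = "ACGE"
AFFECTED_CEILING = (7, 10, 2)


def parse_zyxel_version(text):
    """Return (major, minor, stream, build) or raise ValueError for an unknown format."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zyxel version string: {text!r}")
    major, minor, stream, build = m.groups()
    return int(major), int(minor), stream.upper(), int(build)


def is_affected(text):
    """True if affected, False if above the ceiling, None if it is another firmware stream."""
    major, minor, stream, build = parse_zyxel_version(text)
    if stream != AFFECTED_STREAM:
        return None  # another model's firmware; this advisory says nothing about it
    # Tuple comparison orders by major, then minor, then build within the stream.
    return (major, minor, build) <= AFFECTED_CEILING


if __name__ == "__main__":
    labels = {True: "affected", False: "not in affected range", None: "different stream"}
    # Constructed inputs for illustration, not a list of real NWA50AX PRO releases.
    for v in ["V7.10(ACGE.2)C0", "V7.10(ACGE.3)C0", "V7.00(ACGE.5)C0", "V5.70(ABQN.0)C0"]:
        print(v, "->", labels[is_affected(v)])
```

Note that the normalised "7.10.1" shown in the Fixed-in field above is not in this notation and the parser rejects it by design; compare against the build string in Zyxel's advisory, not against a normalised database version.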
Upgrade your Zyxel NWA50AX PRO to the firmware release in which Zyxel fixed the issue (listed above as 7.10.1); check Zyxel's support website for the current download and its release notes.
There are no confirmed reports of active exploitation at the time of writing, but the vulnerability is public, and an attacker who already holds administrator credentials could use it.
Refer to the Zyxel support website for the latest security advisories and firmware updates related to CVE-2025-6265.