Platform: zyxel
Component: nwa50ax-pro-firmware
Fixed in: 7.10.1
CVE-2025-6265 describes a path traversal vulnerability discovered in the file_upload-cgi CGI program within Zyxel NWA50AX PRO firmware. This flaw allows an authenticated administrator to bypass intended access controls and potentially delete critical files, impacting device functionality and security. The vulnerability affects firmware versions up to and including 7.10(ACGE.2). A patch is expected from Zyxel.
Successful exploitation of CVE-2025-6265 allows an attacker with administrator privileges to traverse the file system of the Zyxel NWA50AX PRO device. This means they can access files outside of the intended upload directory. The most concerning impact is the ability to delete files, particularly the device's configuration file. Deletion of the configuration file could render the device inoperable, requiring a factory reset and potentially leading to data loss. Furthermore, access to other sensitive files could expose credentials or other confidential information. The blast radius is limited to the affected device, but a compromised access point could impact the network it serves.
CVE-2025-6265 was publicly disclosed on 2025-07-15. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's severity is rated HIGH (CVSS 7.2), indicating a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog. Active campaigns targeting this vulnerability are not currently known.
Exploit Status
EPSS: 0.14% (34th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-6265 is to upgrade the Zyxel NWA50AX PRO firmware to a version that includes the security patch. Monitor Zyxel's support website for the availability of the updated firmware. As a temporary workaround, restrict administrator access to the file upload functionality and implement strict file type validation to prevent malicious uploads. Consider implementing network segmentation to limit the impact of a potential compromise. After upgrading, verify the integrity of the configuration file and confirm that the file upload functionality is operating as expected.
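The class of defect described above is a file-upload handler that trusts a caller-supplied file name when building a filesystem path. The following is an added, constructed example (it is not Zyxel's file_upload-cgi and is not code from this page): a hardened name check for a CGI-style upload/delete handler, plus a small filter that flags traversal-style requests to the upload CGI in access logs for review. The upload directory, the `/cgi-bin/` URL, the `filename` parameter, the log format and the configuration file name are all assumptions.

```python
"""Constructed example: hardened file-name handling for an upload/delete
handler and a log filter for traversal-style requests. Not Zyxel code;
paths, parameter names and the log format are assumptions."""
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

UPLOAD_DIR = "/var/uploads"   # hypothetical upload root (assumption)

# Allow-list: plain file names only. No separators, no leading dot, no NUL,
# bounded length. Anything else is rejected outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def resolve_upload_target(base_dir: str, raw_value: str) -> Optional[str]:
    """Map a user-supplied name to an absolute path under base_dir.

    Returns None when the name is rejected. The value is URL-decoded exactly
    once and validated afterwards, so encoded separators (%2f) and encoded
    dots (%2e%2e) are caught; double-encoded input stays encoded and fails
    the allow-list because '%' is not an allowed character.
    """
    name = unquote(raw_value)
    if not SAFE_NAME.fullmatch(name):
        return None
    # Belt and braces: canonicalise and confirm containment, so the check
    # still holds if the allow-list is ever relaxed.
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, name))
    if posixpath.commonpath([base, candidate]) != base or candidate == base:
        return None
    return candidate


# Detection side: look for '..' followed by a plain or encoded separator, or
# for encoded/double-encoded dots, in requests that reach the upload CGI.
TRAVERSAL_PATTERN = re.compile(r"\.\.(?:/|\\|%2f|%5c)|%2e%2e|%252e", re.IGNORECASE)


def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Return the access-log lines that target file_upload-cgi and carry a
    traversal-style file name. Intended as a triage filter, not a verdict."""
    return [
        line for line in log_lines
        if "file_upload-cgi" in line and TRAVERSAL_PATTERN.search(line)
    ]


# Constructed sample log lines (hypothetical format and paths).
SAMPLE_LOG = [
    '10.0.0.5 - admin [15/Jul/2025:10:01:02 +0000] '
    '"POST /cgi-bin/file_upload-cgi?filename=report.pdf HTTP/1.1" 200 512',
    '10.0.0.5 - admin [15/Jul/2025:10:01:09 +0000] '
    '"POST /cgi-bin/file_upload-cgi?filename=..%2F..%2Fconf%2Fstartup-config HTTP/1.1" 200 0',
    '10.0.0.7 - admin [15/Jul/2025:10:02:00 +0000] '
    '"GET /cgi-bin/status-cgi HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    for raw in ("report.pdf", "../etc/passwd", "..%2F..%2Fconfig", "%2e%2e", ".hidden"):
        print(f"{raw!r:22} -> {resolve_upload_target(UPLOAD_DIR, raw)}")
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("REVIEW:", hit)
```

The important ordering is decode once, then validate, then canonicalise and confirm the result is still inside the upload root; validating before decoding is the usual way such checks are bypassed. The log filter only narrows the lines an analyst should look at; a hit on an administrator session should be reviewed alongside the device's configuration-file integrity check described above.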
Update the firmware of your Zyxel NWA50AX PRO device to a version later than 7.10(ACGE.2) to fix the path traversal vulnerability. Check the Zyxel website for the latest firmware version and upgrade instructions.
CVE-2025-6265 is a Path Traversal vulnerability affecting Zyxel NWA50AX PRO firmware versions up to 7.10(ACGE.2), allowing authenticated administrators to access and potentially delete files.
You are affected if you are using Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) or earlier. Check your firmware version against the affected range.
Upgrade your Zyxel NWA50AX PRO firmware to a patched version as soon as it becomes available from Zyxel. Monitor their support website for updates.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the Zyxel support website for the latest security advisories and firmware updates related to CVE-2025-6265.