Platform
zyxel
Component
usg-flex-h-series-uos-firmware
Fixed in
1.31.1
CVE-2025-1732 describes a privilege escalation vulnerability discovered in the recovery function of the Zyxel USG FLEX H series uOS firmware. This flaw allows an authenticated local administrator to upload a malicious configuration file, potentially granting them elevated privileges on the device. The vulnerability impacts devices running versions up to and including V1.31, and a patch is available from Zyxel.
Successful exploitation of CVE-2025-1732 could allow an attacker with administrator access to gain complete control over the affected Zyxel USG FLEX H series device. This could involve modifying firewall rules, accessing sensitive data stored on the device, or using the device as a pivot point to attack other systems on the network. The impact is particularly severe because it allows privilege escalation from an already-authenticated administrator account, bypassing standard access controls. The ability to upload a crafted configuration file provides a flexible attack vector, allowing for a wide range of malicious actions.
CVE-2025-1732 was publicly disclosed on April 22, 2025. The vulnerability's impact is considered medium, and no public proof-of-concept exploits have been identified as of this writing. It is not currently listed on the CISA KEV catalog. The ease of exploitation depends on the attacker's ability to gain initial administrator access to the device.
Organizations utilizing Zyxel USG FLEX H series devices deployed in environments where local administrator access is not strictly controlled are at increased risk. Shared hosting environments where multiple users have administrator privileges on the firewall are particularly vulnerable.
• linux / server: Monitor system logs (journalctl) for unusual configuration file upload attempts. Look for patterns indicative of crafted configuration files.
  journalctl -u zyxel-uos -f | grep -i 'configuration upload'
• zyxel: Check the Zyxel security advisory for specific IOCs related to the vulnerability. Monitor device logs for unauthorized configuration changes.
• generic web: If the recovery function is exposed via a web interface, test for file upload vulnerabilities using standard web security testing techniques.
disclosure
Exploit Status
EPSS
0.08% (percentile 23%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-1732 is to upgrade the Zyxel USG FLEX H series uOS firmware to a patched version. Zyxel has released firmware updates to address this vulnerability; refer to their advisory for specific version details. As a temporary workaround, restrict access to the recovery function to trusted administrators only. Consider implementing stricter file validation on uploaded configuration files to prevent malicious content from being processed. Monitor system logs for suspicious activity related to configuration file uploads.
Update the firmware of your Zyxel USG FLEX H series device to a version later than V1.31 to fix the privilege escalation vulnerability. Consult the Zyxel website for the latest firmware version and the update instructions.
CVE-2025-1732 is a medium-severity vulnerability in Zyxel USG FLEX H series uOS firmware versions ≤V1.31. It allows an authenticated local administrator to escalate privileges by uploading a crafted configuration file.
You are affected if you are using Zyxel USG FLEX H series uOS firmware versions up to and including V1.31. Check your device's firmware version and upgrade if necessary.
Upgrade your Zyxel USG FLEX H series uOS firmware to a patched version as recommended by Zyxel. Refer to their security advisory for specific version details.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-1732, but vigilance is advised.
Please refer to the official Zyxel security advisory for detailed information and mitigation steps. Check the Zyxel support website for the latest updates.