CVE-2025-1732

Advanced_Rough8330

AuthenticatedRemoteCodeExecutiononUSGFLEXHSeries(CVE-2025-1731/CVE-2025-1732)

Dinosn

Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732)

syedaquib77

Vulnerability Alert: Zyxel USG FLEX H-Series Privilege Management Vulnerabilities Timeline: Disclosure: 2025-04-22, Patch: 2025-04-22 Attribution: Alessandro Sgreccia, Marco Ivaldi CVE ID: CVE-2025-1731 Base Score: 7.8 CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High EPSS Percentile: 1.34% Exploit Maturity: Not Available Affected Versions: - uOS V1.20 to V1.31 Fixed Versions: - uOS V1.32 Attack Vectors: - Access Control Errors - Privilege Escalation Summary: Zyxel has released urgent security patches to address two critical privilege management vulnerabilities, tracked as CVE-2025-1731 and CVE-2025-1732, in its USG FLEX H series firewalls. CVE-2025-1731 is an Incorrect Permission Assignment flaw in the PostgreSQL command processing of certain uOS firmware versions. An authenticated local attacker can exploit this to access the Linux shell and potentially escalate privileges to administrator level if an administrator session is active. Impact Scope: Potential unauthorized access to sensitive system functions Recommended Actions: - Update to firmware version uOS V1.32 as a critical measure. Related Resources: - https://t.co/CnqBpgqqXf - https://t.co/FTDMh0hjc3 - https://t.co/RvuFrXfrDt - https://t.co/ez5fLXOHQD Tags: #Zyxel #Firewall #USGFLEXHSeries #PrivilegeEscalation #Vulnerability #SecurityAdvisory #Patch #Cybersecurity

fletch_ai

Threat Alert: Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication CVE-2025-1731 CVE-2025-1732 Severity: High Maturity: Mainstream Learn more: https://t.co/KYR1Q678Tf #CyberSecurity #ThreatIntel #InfoSec