216.73.217.50

CVE-2025-1732

· Published 22/04/2025 03:15 · Modified 22/04/2025 03:15

Labels: CVE-2025-1732 2025-04-22CVE-2025-1732CWE-269[email protected]

Essential information

Published
22/04/2025 03:15
Modified
22/04/2025 03:15
Author
Creator
CVSS
6.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zyxel / usg flex h series uos firmware cpe:2.3:h:zyxel:usg_flex_h_series_uos_firmware:<=1.31:*:*:*:*:*:*:*

References