CVE-2025-7673 (GCVE-0-2025-7673)

Vulnerability from cvelistv5 – Published: 2025-07-16 07:11 – Updated: 2025-07-19 03:55
VLAI?
Summary
A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Zyxel VMG8825-T50K firmware Affected: < V5.50(ABOM.5)C0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-19T03:55:18.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMG8825-T50K firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c V5.50(ABOM.5)C0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request."
            }
          ],
          "value": "A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T07:11:02.974Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2025-7673",
    "datePublished": "2025-07-16T07:11:02.974Z",
    "dateReserved": "2025-07-15T02:01:55.637Z",
    "dateUpdated": "2025-07-19T03:55:18.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-7673\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2025-07-16T07:15:24.437\",\"lastModified\":\"2026-01-14T17:52:29.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento de b\u00fafer en el analizador de URL del servidor web zhttpd en versiones de firmware Zyxel VMG8825-T50K anteriores a V5.50(ABOM.5)C0 podr\u00eda permitir que un atacante no autenticado provoque condiciones de denegaci\u00f3n de servicio (DoS) y potencialmente ejecute c\u00f3digo arbitrario enviando una solicitud HTTP especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abpm.4\\\\)c0\",\"matchCriteriaId\":\"79535B71-D720-4470-A94C-96EA82B283D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9259E2F6-885D-4B44-8D40-20758DA599D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(absl.0\\\\)b8\",\"matchCriteriaId\":\"667A382C-62F8-4247-A7E4-3274ABD894D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9259E2F6-885D-4B44-8D40-20758DA599D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abpm.4\\\\)c0\",\"matchCriteriaId\":\"D59F9125-06CF-4C17-ABAD-3BFFD54093E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3ECE0EB-C429-4716-ABFB-73540847EB9E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(absl.0\\\\)b8\",\"matchCriteriaId\":\"5BE4095A-D9CD-47FC-B4FA-704C8DDA3B02\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3ECE0EB-C429-4716-ABFB-73540847EB9E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abom.5\\\\)c0\",\"matchCriteriaId\":\"0BC0ACFB-B5F5-4853-8B65-1B17F1BA1D2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18982B2-E575-478E-A2B4-0932DE329056\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(abnp.6\\\\).c\",\"matchCriteriaId\":\"8FD1C181-B807-4836-A691-84F23E58F29B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.17\\\\(abup.3\\\\)c0\",\"matchCriteriaId\":\"BF7FBB73-CD6F-41E4-B610-04ABEA5612AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abqx.3\\\\)c0\",\"matchCriteriaId\":\"504D90EC-C277-47BA-8E36-B21BEFC2B008\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82D41CC-2EB3-4892-8383-FB2C9EC64D9E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(absb.3\\\\)c0\",\"matchCriteriaId\":\"863B6221-F7C9-46BE-82B8-D6D8B9EA7BFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37348176-08FD-40F0-9903-05ABABBB1F5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abpm.4\\\\)c0\",\"matchCriteriaId\":\"7085C97B-1960-4787-9B5B-43E8B8A6DB79\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3925-b10b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(aavf.16\\\\)c\",\"matchCriteriaId\":\"4B9D9186-E7E1-4A11-9B77-9E4A17580D3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3925-b10b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A35350B7-8398-4364-8731-1A278EE28A6D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3925-b10c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(aavf.16\\\\)c\",\"matchCriteriaId\":\"2CD8D4DA-C916-44B0-867C-46C57626B397\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3925-b10c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FE72FB-2210-4996-B702-D3C67DC65360\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"5D6CE8F4-9EA3-49EA-8C7A-F9DFDD4A3EC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F814684F-D45D-4EF8-A294-A6122B7A760B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"B47EEF81-9B4A-4F75-8C9D-5F3C2DB6162A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C11501-33FD-4421-909E-E6533EF6F03A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(ably.6\\\\)c0\",\"matchCriteriaId\":\"1D78B9D9-36BD-4F4E-B12B-63E17CDB5CA8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94BE349D-EC30-4EB7-8B68-EA7223364A4B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abom.5\\\\)c0\",\"matchCriteriaId\":\"6E334B7C-9B91-4CCF-8B0B-9319EECF0BCC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B33AE56-3948-494B-9E23-54D939DF0D3E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg4005-b50b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(abrl.5\\\\)c0\",\"matchCriteriaId\":\"AB30352E-3CC4-4AA0-9142-D6D7D012C888\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg4005-b50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B2A37B-0662-43E7-AEB4-DF0C5A30A95F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(ably.6\\\\)c0\",\"matchCriteriaId\":\"700A2229-90D7-4081-8EA6-666161325FAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0EE70D2-51BB-4E45-8995-655C1394C440\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abpm.4\\\\)c0\",\"matchCriteriaId\":\"53FAEFB8-139C-4CD7-9DA3-E69BC6873759\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"34A42862-B686-4CAA-A410-D31E1961C5DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED88F55C-C687-4413-BEC8-DEB15D6AA2F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"96D61E6B-EB21-4714-BEBA-68930F0D8EF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7654E872-36CA-4502-9B91-01741D6E4F46\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8825-bx0b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.17\\\\(abny.5\\\\)c0\",\"matchCriteriaId\":\"4D5BC2D2-9ED0-4380-84C0-02E59EB5C7D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8825-bx0b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"205B8F14-3CF2-4329-9642-F4895AF77501\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.50\\\\(abom.5\\\\)c0\",\"matchCriteriaId\":\"621E2854-755E-4DF6-B20E-8CBC4876FB2B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C2320B-52DF-4F86-86D2-42FB62337773\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:vmg8924-b10d_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13\\\\(abgq.6\\\\)c0\",\"matchCriteriaId\":\"94FE8F58-C814-46B0-B9CB-F71BE3EF15FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:vmg8924-b10d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB1E19B-BE58-4C79-8AD2-9F23556714D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"3A795802-7981-4FC2-977E-54AF44A294D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B19AC3-D417-48C7-8C18-F5516794260B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.17\\\\(abmt.5\\\\)c0\",\"matchCriteriaId\":\"6E1B1E99-2A44-4566-BA91-4D0C7006F8B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4861B59F-AB86-4A4D-A04C-6EE68EC4A206\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7673\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-16T14:35:07.300023Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-16T14:35:11.324Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"VMG8825-T50K firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c V5.50(ABOM.5)C0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2025-07-16T07:11:02.974Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-7673\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-19T03:55:18.953Z\", \"dateReserved\": \"2025-07-15T02:01:55.637Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2025-07-16T07:11:02.974Z\", \"assignerShortName\": \"Zyxel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.