CVE-2025-6599
moderate-risk
Published 2025-11-18
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
Do I need to act?
- 0.08% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 5.3/10 (Medium): NETWORK / LOW complexity
Affected Products (20)
Lte3301-Plus Firmware
Nr5103 Firmware
Nr5103E Firmware
Nr5309 Firmware
Nr7302 Firmware
Nr7303 Firmware
Nebula Fwa505 Firmware
Nebula Fwa510 Firmware
Nebula Fwa515 Firmware
Nebula Fwa710 Firmware
Dm4200-B0 Firmware
Dx3300-T0 Firmware
Dx3300-T1 Firmware
Dx4510-B1 Firmware
Dx5401-B1 Firmware
Ee3301-00 Firmware
Ee5301-00 Firmware
Ee6510-10 Firmware
Affected Vendors
References (1)
48 / 100 (moderate-risk)
Severity: 21/34 · High
Exploitability: 0/34 · Minimal
Exposure: 27/34 · High