CVE-2025-7673

high-risk

Published 2025-07-16

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Do I need to act?

0.66% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Emg3525-T50B Firmware

Emg5523-T50B Firmware

Emg5723-T50K Firmware

Emg6726-B10A Firmware

Ex3510-B0 Firmware

Ex5510-B0 Firmware

Vmg1312-T20B Firmware

Vmg3625-T50B Firmware

Vmg3925-B10B Firmware

Vmg3925-B10C Firmware

Vmg3927-B50A Firmware

Vmg3927-B60A Firmware

Vmg3927-B50B Firmware

Vmg3927-T50K Firmware

Vmg4005-B50B Firmware

Vmg4927-B50A Firmware

Vmg8623-T50B Firmware

Vmg8825-B50A Firmware

Affected Vendors

Zyxel

References (1)

Vendor Advisory https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 21/34 · High